Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-2503)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123731

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-2503)

Resumen: The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2503 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2503 advisory.

Vulnerability Insight:
[2.6.39-300.28.1]
- kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305]
{CVE-2012-4398}
- kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305]
{CVE-2012-4398}
- usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305]
{CVE-2012-4398}
- usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug:
16286305] {CVE-2012-4398}
- KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set
(CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461}
- exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267]
{CVE-2012-4530}
- exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267]
{CVE-2012-4530}

[2.6.39-300.27.1]
- xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan
Beulich) [Orabug: 16243736] {CVE-2013-0231}
- Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
(Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190}
- netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug:
16243309]
- xen/netback: free already allocated memory on failure in
xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309]
- xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian
Campbell) [Orabug: 16243309]
- xen/netback: shutdown the ring if it contains garbage. (Ian Campbell)
[Orabug: 16243309]
- ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292]

Affected Software/OS:
'kernel-uek' package(s) on Oracle Linux 5, Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.2

CVSS Vector:
AV:A/AC:M/Au:S/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4398
55077
http://secunia.com/advisories/55077
55361
http://www.securityfocus.com/bid/55361
RHSA-2013:0223
http://rhn.redhat.com/errata/RHSA-2013-0223.html
RHSA-2013:1348
http://rhn.redhat.com/errata/RHSA-2013-1348.html
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
[linux-kernel] 20120207 [PATCH 5/5] kmod: make __request_module() killable
http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html
[oss-security] 20120902 CVE Request -- kernel: request_module() OOM local DoS
http://www.openwall.com/lists/oss-security/2012/09/02/3
http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=853474
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-4461
51160
http://secunia.com/advisories/51160
56414
http://www.securityfocus.com/bid/56414
RHSA-2013:0882
http://rhn.redhat.com/errata/RHSA-2013-0882.html
SUSE-SU-2012:1679
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
[oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
http://www.openwall.com/lists/oss-security/2012/11/06/14
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git%3Ba=commit%3Bh=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9
https://bugzilla.redhat.com/show_bug.cgi?id=862900
openSUSE-SU-2013:0925
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-4530
SUSE-SU-2013:0674
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
[oss-security] 20121019 Re: CVE Request -- kernel stack disclosure in binfmt_script load_script()
http://www.openwall.com/lists/oss-security/2012/10/19/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2
https://bugzilla.redhat.com/show_bug.cgi?id=868285
https://github.com/torvalds/linux/commit/b66c5984017533316fd1951770302649baf1aa33
Common Vulnerability Exposure (CVE) ID: CVE-2013-0190
57433
http://www.securityfocus.com/bid/57433
RHSA-2013:0496
http://rhn.redhat.com/errata/RHSA-2013-0496.html
USN-1725-1
http://www.ubuntu.com/usn/USN-1725-1
USN-1728-1
http://www.ubuntu.com/usn/USN-1728-1
[oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
http://www.openwall.com/lists/oss-security/2013/01/16/8
[oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
http://www.openwall.com/lists/oss-security/2013/01/16/6
https://bugzilla.redhat.com/show_bug.cgi?id=896038
Common Vulnerability Exposure (CVE) ID: CVE-2013-0216
MDVSA-2013:176
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
[oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring.
http://www.openwall.com/lists/oss-security/2013/02/05/12
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=48856286b64e4b66ec62b94e504d0b29c1ade664
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8
https://bugzilla.redhat.com/show_bug.cgi?id=910883
https://github.com/torvalds/linux/commit/48856286b64e4b66ec62b94e504d0b29c1ade664
openSUSE-SU-2013:0395
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0217
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d5145d8eb2b9791533ffe4dc003b129b9696c48
https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48
Common Vulnerability Exposure (CVE) ID: CVE-2013-0231
52059
http://secunia.com/advisories/52059
57740
http://www.securityfocus.com/bid/57740
89903
http://osvdb.org/89903
DSA-2632
http://www.debian.org/security/2013/dsa-2632
[oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
http://www.openwall.com/lists/oss-security/2013/02/05/9
xen-pcibackenablemsi-dos(81923)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81923

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123731
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-2503)
Resumen:	The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2503 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-uek' package(s) announced via the ELSA-2013-2503 advisory. Vulnerability Insight: [2.6.39-300.28.1] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} [2.6.39-300.27.1] - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian Campbell) [Orabug: 16243309] - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) [Orabug: 16243309] - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292] Affected Software/OS: 'kernel-uek' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.2 CVSS Vector: AV:A/AC:M/Au:S/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4398 55077 http://secunia.com/advisories/55077 55361 http://www.securityfocus.com/bid/55361 RHSA-2013:0223 http://rhn.redhat.com/errata/RHSA-2013-0223.html RHSA-2013:1348 http://rhn.redhat.com/errata/RHSA-2013-1348.html SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html [linux-kernel] 20120207 [PATCH 5/5] kmod: make __request_module() killable http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html [oss-security] 20120902 CVE Request -- kernel: request_module() OOM local DoS http://www.openwall.com/lists/oss-security/2012/09/02/3 http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=853474 openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4461 51160 http://secunia.com/advisories/51160 56414 http://www.securityfocus.com/bid/56414 RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html [oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set http://www.openwall.com/lists/oss-security/2012/11/06/14 http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git%3Ba=commit%3Bh=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9 https://bugzilla.redhat.com/show_bug.cgi?id=862900 openSUSE-SU-2013:0925 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4530 SUSE-SU-2013:0674 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html [oss-security] 20121019 Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() http://www.openwall.com/lists/oss-security/2012/10/19/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=868285 https://github.com/torvalds/linux/commit/b66c5984017533316fd1951770302649baf1aa33 Common Vulnerability Exposure (CVE) ID: CVE-2013-0190 57433 http://www.securityfocus.com/bid/57433 RHSA-2013:0496 http://rhn.redhat.com/errata/RHSA-2013-0496.html USN-1725-1 http://www.ubuntu.com/usn/USN-1725-1 USN-1728-1 http://www.ubuntu.com/usn/USN-1728-1 [oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. http://www.openwall.com/lists/oss-security/2013/01/16/8 [oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. http://www.openwall.com/lists/oss-security/2013/01/16/6 https://bugzilla.redhat.com/show_bug.cgi?id=896038 Common Vulnerability Exposure (CVE) ID: CVE-2013-0216 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 [oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. http://www.openwall.com/lists/oss-security/2013/02/05/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=48856286b64e4b66ec62b94e504d0b29c1ade664 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8 https://bugzilla.redhat.com/show_bug.cgi?id=910883 https://github.com/torvalds/linux/commit/48856286b64e4b66ec62b94e504d0b29c1ade664 openSUSE-SU-2013:0395 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0217 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d5145d8eb2b9791533ffe4dc003b129b9696c48 https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48 Common Vulnerability Exposure (CVE) ID: CVE-2013-0231 52059 http://secunia.com/advisories/52059 57740 http://www.securityfocus.com/bid/57740 89903 http://osvdb.org/89903 DSA-2632 http://www.debian.org/security/2013/dsa-2632 [oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. http://www.openwall.com/lists/oss-security/2013/02/05/9 xen-pcibackenablemsi-dos(81923) https://exchange.xforce.ibmcloud.com/vulnerabilities/81923
Copyright	Copyright (C) 2015 Greenbone AG