Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-0721-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123906

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-0721-1)

Resumen: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) announced via the ELSA-2012-0721-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) announced via the ELSA-2012-0721-1 advisory.

Vulnerability Insight:
kernel:

[2.6.18-308.8.2.0.1.el5]
- [net] bonding: fix carrier detect when bond is down [orabug 12377284]
- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]
- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)
- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)
- [x86] Fix lvt0 reset when hvm boot up with noapic param
- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)
[orabug 12342275]
- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]
- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]
- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]
- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]
- [scsi] fix scsi hotplug and rescan race [orabug 10260172]
- fix filp_close() race (Joe Jin) [orabug 10335998]
- make xenkbd.abs_pointer=1 by default [orabug 67188919]
- [xen] check to see if hypervisor supports memory reservation change
(Chuck Anderson) [orabug 7556514]
- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)
[orabug 10315433]
- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]
- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]
RDS: Fix BUG_ONs to not fire when in a tasklet
ipoib: Fix lockup of the tx queue
RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)
RDS: Properly unmap when getting a remote access error (Tina Yang)
RDS: Fix locking in rds_send_drop_to()
- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)
[orabug 9107465]
+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)
[orabug 9764220]
- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]
- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,
Guru Anbalagane) [orabug 6124033]
- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]
- [ib] fix memory corruption (Andy Grover) [orabug 9972346]

[2.6.18-308.8.2.el5]
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]

ocfs2:

[1.4.10]
- ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c
- ocfs2/dlm: make existing conversion precedent over new lock
- ocfs2/dlm: Cleanup dlmdebug.c
- ocfs2/dlm: Minor cleanup
- ocfs2/dlm: Hard code the values for enums
- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING
- ocfs2/dlm: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0217
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
CERT/CC vulnerability note: VU#649219
http://www.kb.cert.org/vuls/id/649219
Debian Security Information: DSA-2501 (Google Search)
http://www.debian.org/security/2012/dsa-2501
Debian Security Information: DSA-2508 (Google Search)
http://www.debian.org/security/2012/dsa-2508
https://www.exploit-db.com/exploits/28718/
https://www.exploit-db.com/exploits/46508/
FreeBSD Security Advisory: FreeBSD-SA-12:04
http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html
Microsoft Security Bulletin: MS12-042
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042
NETBSD Security Advisory: NetBSD-SA2012-003
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596
http://secunia.com/advisories/55082
Common Vulnerability Exposure (CVE) ID: CVE-2012-2934
BugTraq ID: 53961
http://www.securityfocus.com/bid/53961
http://support.amd.com/us/Processor_TechDocs/25759.pdf
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
http://secunia.com/advisories/51413
SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123906
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-0721-1)
Resumen:	The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) announced via the ELSA-2012-0721-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) announced via the ELSA-2012-0721-1 advisory. Vulnerability Insight: kernel: [2.6.18-308.8.2.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] +- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-308.8.2.el5] - [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] ocfs2: [1.4.10] - ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c - ocfs2/dlm: make existing conversion precedent over new lock - ocfs2/dlm: Cleanup dlmdebug.c - ocfs2/dlm: Minor cleanup - ocfs2/dlm: Hard code the values for enums - ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING - ocfs2/dlm: ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel, ocfs2-2.6.18-308.8.2.0.1.el5, oracleasm-2.6.18-308.8.2.0.1.el5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0217 Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html CERT/CC vulnerability note: VU#649219 http://www.kb.cert.org/vuls/id/649219 Debian Security Information: DSA-2501 (Google Search) http://www.debian.org/security/2012/dsa-2501 Debian Security Information: DSA-2508 (Google Search) http://www.debian.org/security/2012/dsa-2508 https://www.exploit-db.com/exploits/28718/ https://www.exploit-db.com/exploits/46508/ FreeBSD Security Advisory: FreeBSD-SA-12:04 http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html Microsoft Security Bulletin: MS12-042 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042 NETBSD Security Advisory: NetBSD-SA2012-003 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596 http://secunia.com/advisories/55082 Common Vulnerability Exposure (CVE) ID: CVE-2012-2934 BugTraq ID: 53961 http://www.securityfocus.com/bid/53961 http://support.amd.com/us/Processor_TechDocs/25759.pdf http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html http://secunia.com/advisories/51413 SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
Copyright	Copyright (C) 2015 Greenbone AG