Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2401)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.122752

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2015-2401)

Summary: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Description: Summary:
The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.

Vulnerability Insight:
[2.02-0.29.0.1]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms
[bug 19231481]
- update Oracle Linux certificates (Alexey Petrenko)
- Put 'with' in menuentry instead of 'using' [bug 18504756]
- Use different titles for UEK and RHCK kernels [bug 18504756]

[2.02-0.29]
- Fix DHCP6 timeouts due to failed network stack once more.
Resolves: rhbz#1267139

[2.02-0.28]
- Once again, rebuild for the right build target.
Resolves: CVE-2015-5281

[2.02-0.27]
- Remove multiboot and multiboot2 modules from the .efi builds, they
should never have been there.
Resolves: CVE-2015-5281

[2.02-0.26]
- Be more aggressive about trying to make sure we use the configured SNP
device in UEFI.
Resolves: rhbz#1257475

[2.02-0.25]
- Force file sync to disk on ppc64le machines.
Resolves: rhbz#1212114

[2.02-0.24]
- Undo 0.23 and fix it a different way.
Resolves: rhbz#1124074

[2.02-0.23]
- Reverse kernel sort order so they're displayed correctly.
Resolves: rhbz#1124074

[2.02-0.22]
- Make upgrades work reasonably well with grub2-setpassword.
Related: rhbz#985962

[2.02-0.21]
- Add a simpler grub2 password config tool
Related: rhbz#985962
- Some more coverity nits.

[2.02-0.20]
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.19]
- Rebuild for Aarch64
- Deal with some coverity nits.
Related: rhbz#1215839
Related: rhbz#1124074

[2.02-0.18]
- Update for an rpmdiff problem with one of the man pages.
Related: rhbz#1124074

Affected Software/OS:
'grub2' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:L/AC:H/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5281
1034198
http://www.securitytracker.com/id/1034198
77983
http://www.securityfocus.com/bid/77983
FEDORA-2015-2c155d7632
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html
FEDORA-2015-c3b4fef3af
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html
RHSA-2015:2401
http://rhn.redhat.com/errata/RHSA-2015-2401.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1264103

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122752
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2015-2401)
Summary:	The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory.
Description:	Summary: The remote host is missing an update for the 'grub2' package(s) announced via the ELSA-2015-2401 advisory. Vulnerability Insight: [2.02-0.29.0.1] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [bug 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [bug 18504756] - Use different titles for UEK and RHCK kernels [bug 18504756] [2.02-0.29] - Fix DHCP6 timeouts due to failed network stack once more. Resolves: rhbz#1267139 [2.02-0.28] - Once again, rebuild for the right build target. Resolves: CVE-2015-5281 [2.02-0.27] - Remove multiboot and multiboot2 modules from the .efi builds, they should never have been there. Resolves: CVE-2015-5281 [2.02-0.26] - Be more aggressive about trying to make sure we use the configured SNP device in UEFI. Resolves: rhbz#1257475 [2.02-0.25] - Force file sync to disk on ppc64le machines. Resolves: rhbz#1212114 [2.02-0.24] - Undo 0.23 and fix it a different way. Resolves: rhbz#1124074 [2.02-0.23] - Reverse kernel sort order so they're displayed correctly. Resolves: rhbz#1124074 [2.02-0.22] - Make upgrades work reasonably well with grub2-setpassword. Related: rhbz#985962 [2.02-0.21] - Add a simpler grub2 password config tool Related: rhbz#985962 - Some more coverity nits. [2.02-0.20] - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.19] - Rebuild for Aarch64 - Deal with some coverity nits. Related: rhbz#1215839 Related: rhbz#1124074 [2.02-0.18] - Update for an rpmdiff problem with one of the man pages. Related: rhbz#1124074 Affected Software/OS: 'grub2' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5281 1034198 http://www.securitytracker.com/id/1034198 77983 http://www.securityfocus.com/bid/77983 FEDORA-2015-2c155d7632 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html FEDORA-2015-c3b4fef3af http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html RHSA-2015:2401 http://rhn.redhat.com/errata/RHSA-2015-2401.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1264103
Copyright	Copyright (C) 2015 Greenbone AG