Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.870892
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for kernel RHSA-2013:0168-01
Zusammenfassung:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation did not perform
range checking on the guest provided values in multiple hypercalls. A
privileged guest user could use this flaw to trigger long loops, leading
to a denial of service (Xen hypervisor hang). (CVE-2012-5515, Moderate)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled overlapping, fragmented IPv6 packets. A remote attacker could
potentially use this flaw to bypass protection mechanisms (such as a
firewall or intrusion detection system (IDS)) when sending network packets
to a target system. (CVE-2012-4444, Low)

Red Hat would like to thank the Xen project for reporting CVE-2012-5515,
and Antonios Atlasis working with Beyond Security's SecuriTeam Secure
Disclosure program and Loganaden Velvindron of AFRINIC for reporting
CVE-2012-4444.

This update also fixes several bugs. Space precludes documenting all of
these changes in this advisory. Documentation for these changes will be
available shortly from the Red Hat Enterprise Linux 5.9 Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1568
http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
http://www.openwall.com/lists/oss-security/2012/03/20/4
http://openwall.com/lists/oss-security/2012/03/21/3
Common Vulnerability Exposure (CVE) ID: CVE-2012-4444
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf
http://www.openwall.com/lists/oss-security/2012/11/09/2
RedHat Security Advisories: RHSA-2012:1580
http://rhn.redhat.com/errata/RHSA-2012-1580.html
SuSE Security Announcement: SUSE-SU-2013:0856 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html
http://www.ubuntu.com/usn/USN-1660-1
http://www.ubuntu.com/usn/USN-1661-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-5515
BugTraq ID: 56798
http://www.securityfocus.com/bid/56798
Debian Security Information: DSA-2582 (Google Search)
http://www.debian.org/security/2012/dsa-2582
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
http://www.openwall.com/lists/oss-security/2012/12/03/9
http://www.osvdb.org/88127
http://secunia.com/advisories/51397
http://secunia.com/advisories/51468
http://secunia.com/advisories/51486
http://secunia.com/advisories/51487
http://secunia.com/advisories/51495
http://secunia.com/advisories/55082
SuSE Security Announcement: SUSE-SU-2012:1606 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2012:1615 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2014:0446 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
SuSE Security Announcement: openSUSE-SU-2012:1685 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
SuSE Security Announcement: openSUSE-SU-2012:1687 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
SuSE Security Announcement: openSUSE-SU-2013:0133 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:0636 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
SuSE Security Announcement: openSUSE-SU-2013:0637 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
XForce ISS Database: xen-extentorder-dos(80479)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80479
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.