Detections
Analytics

Oracle Linux 5 : gfs2-utils (ELSA-2009-1337)

medium Nessus Plugin ID 180628

Language:

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1337 advisory.

 [0.1.62-1]
 - Fix man page references to fsck.gfs2.
 - Resolves: rhbz#477072

 [0.1.61-1]
 - fsck.gfs2 no longer segfaults when fixing 'EA leaf block type' problems.
 - Resolves: rhbz#510758

 [0.1.60-1]
 - When '/' is a gfs2 file system it is now properly mounted without an error.
 - Resolves: rhbz#507893

 [0.1.59-1]
 - gfs_convert -vy now works properly on a ppc system.
 - Resolves: rhbz#506629

 [0.1.58-1]
 - Fixed an issue with the gfs2_edit savemeta function not saving blocks of type 2.
 - Resolves: rhbz#502056

 [0.1.57-1]
 - A gfs filesystems metadata is now properly copied with 'gfs2_edit savemeta'
 - Resolves: rhbz#501732

 [0.1.56-1]
 - gfs2_fsck now properly fixes journal sequence numbers
 - The debugfs mount point has been randomized to prevent symlink attacks
 - Resolves: rhbz#498646 rhbz#498950

 [0.1.55-1]
 - gfs2_convert now properly frees blocks when removing a file with a height greater than 1
 - Updated man pages
 - Added options to gfs2_tool df to provide more human readable output
 - GFS2 utilities now use and provide filesystem UUID
 - gfs2_fsck now uses the proper return codes
 - gfs2_edit has been updated
 - gfs2_tool df no longer segfaults on a non-4k block size
 - gfs2_grow no longer references the '-r' option
 - gfs2_convert no longer causes filesystem corruption
 - gfs2_edit has been improved to help differentiate between zero-data and non-zero data from pointers
 - gfs2_edit now properly saves the per-node quota files
 - A segfault in gfs2_fsck as been fixed
 - Resolves: rhbz#474707 rhbz#477072 rhbz#480833 rhbz#242701 rhbz#474705 rhbz#483799 rhbz#485761 rhbz#486034 rhbz#490136 rhbz#483799 rhbz#496330

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected gfs2-utils package.

See Also

https://linux.oracle.com/errata/ELSA-2009-1337.html

Plugin Details

Severity: Medium

ID: 180628

File Name: oraclelinux_ELSA-2009-1337.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-6552

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:gfs2-utils, cpe:/o:oracle:linux:5

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2009

Vulnerability Publication Date: 11/7/2008

Reference Information

CVE: CVE-2008-6552