The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
To list the security, bug-fix, and product-enhancement advisory errata that are available for a client system, use the system_listerrata command:
spacecmd {SSM:0}> system_listerrata svr1.mydom.com
Security Errata
---------------
ELSA-2015-1072 Moderate: openssl security update 6/4/15
ELSA-2015-0863 Moderate: glibc security and bug fix update 4/21/15
ELSA-2015-0794 Moderate: krb5 security update 4/9/15
ELSA-2015-0715 Moderate: openssl security update 3/23/15
ELSA-2015-0700 Moderate: unzip security update 3/18/15
ELSA-2015-0672 Moderate: bind security update 3/12/15
ELSA-2015-0092 Critical: glibc security update 1/27/15
ELSA-2015-0074 Important: jasper security update 1/22/15
ELSA-2015-0066 Moderate: openssl security update 1/20/15
...
Bug Fix Errata
--------------
ELBA-2015-1085 db4 bug fix update 6/10/15
ELBA-2015-1033 glibc bug fix update 5/27/15
ELBA-2015-1018 lvm2 bug fix update 5/20/15
...
Enhancement Errata
------------------
ELEA-2015-0913 tzdata enhancement update 4/28/15
ELEA-2015-0855 tzdata enhancement update 4/18/15
ELEA-2015-3031 kexec-tools enhancement update 4/17/15
...To find out more details about an erratum, use the errata_details command.
spacecmd {SSM:0}> errata_details ELSA-2015-1115
Name: ELSA-2015-1115
Product: Oracle Linux 6
Type: Security Advisory
Issue Date: 6/15/15
Topic
-----
Description
-----------
[1.0.1e-42.8] - improved fix for CVE-2015-1791 - add missing parts of
CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-42.7]
- fix CVE-2014-8176 - invalid free in DTLS buffering code - fix
CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix
CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix
CVE-2015-1791 - race condition handling NewSessionTicket - fix
CVE-2015-1792 - CMS verify infinite loop with unknown hash function -
fix CVE-2015-3216 - regression in RAND locking that can cause
segfaults on read in multithreaded applications
CVEs
----
CVE-2014-8176
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-3216
Solution
--------
References
----------
Affected Channels
-----------------
ol6u6-x86_64
Affected Systems
----------------
3
Affected Packages
-----------------
openssl-1.0.1e-30.el6_6.11.i686
openssl-1.0.1e-30.el6_6.11.x86_64
openssl-devel-1.0.1e-30.el6_6.11.i686
openssl-devel-1.0.1e-30.el6_6.11.x86_64
openssl-perl-1.0.1e-30.el6_6.11.x86_64
openssl-static-1.0.1e-30.el6_6.11.x86_64To find the errata that fix a CVE, use the errata_findbycve command.
spacecmd {SSM:0}> errata_findbycve CVE-2015-3216
CVE-2015-3216:
ELSA-2015-1115
To list the systems to which you could apply an erratum, use the errata_listaffectedsystems command.
spacecmd {SSM:0}> errata_listaffectedsystems ELSA-2015-1115
ELSA-2015-1115:
svr1.mydom.com
svr2.mydom.com
svr3.mydom.comTo apply an erratum to a system, use the system_applyerrata command.
spacecmd {SSM:0}> system_applyerrata svr1.mydom.com ELSA-2015-1115
Errata Systems
-------------- -------
ELSA-2015-1115 1
Apply these errata [y/N]: y
INFO: Scheduled 1 system(s) for ELSA-2015-1115You can apply errata to multiple systems by specifying the following arguments in place of a system name:
channel:
channel_name
Matches systems that are subscribed to the specified software channel.
group:
group_name
Specifies the systems in the named system group.
search:
criterion:value
Matches systems that match a search criterion. See Section 8.3, “Searching for Systems Using spacecmd”.
ssm
Specifies the systems that are currently in the system set, for example:
spacecmd {SSM:0}> ssm_add svr2.mydom.com svr3.mydom.com
spacecmd {SSM:2}> system_applyerrata ssm ELSA-2015-1115
Errata Systems
-------------- -------
ELSA-2015-1115 2
Apply these errata [y/N]: y
INFO: Scheduled 2 system(s) for ELSA-2015-1115
spacecmd {SSM:2}> ssm_clear
spacecmd {SSM:0}>