support.hpe.com
Open in
urlscan Pro
16.248.72.79
Public Scan
Submitted URL: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
Effective URL: https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c05352241
Submission: On November 25 via api from PL — Scanned from DE
Effective URL: https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c05352241
Submission: On November 25 via api from PL — Scanned from DE
Form analysis 1 forms found in the DOM
Name: hpehf-search-form — https://www.hpe.com/us/en/search-results.html?page=1&q=&autocomplete=0
<form name="hpehf-search-form" action="https://www.hpe.com/us/en/search-results.html?page=1&q=&autocomplete=0" class="hpehf-search-form hpehf-centered-content"><input type="text" id="hpehf-search-input"
class="hpehf-search-input js-search-field" placeholder="hpe.com durchsuchen" name="q" autocomplete="off"
spellcheck="false"><a href="javascipt:void(0);" id="hpehf-search-submit" title="Search" aria-label="Search"><svg width="24" height="24" focusable="false" viewBox="0 0 24 24" fill="#000" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.5,0C4.7,0,0,4.7,0,10.5C0,16.3,4.7,21,10.5,21c2.5,0,4.8-0.9,6.6-2.3l5.3,5.3l1.6-1.6l-5.3-5.3 c1.5-1.8,2.3-4.1,2.3-6.6C21,4.7,16.3,0,10.5,0z M1.9,10.6c0-4.8,3.8-8.6,8.6-8.6c4.7,0,8.6,3.9,8.6,8.6c0,4.8-3.8,8.6-8.6,8.6 C5.7,19.2,1.9,15.3,1.9,10.6z"></path></svg></a><a href="javascript:void(0);" class="hpehf-srch-menu-close hpehf-close-btn" title="Abschließen" aria-label="Abschließen"><svg width="24" height="24" focusable="false" viewBox="0 0 24 24" fill="#000" xmlns="http://www.w3.org/2000/svg"><polygon points="21.8,23.4 12,13.7 2.2,23.4 0.6,21.8 10.3,12 0.6,2.2 2.2,0.6 12,10.3 21.8,0.6 23.4,2.2 13.7,12 23.4,21.8 "></polygon></svg><span class="hpehf-srch-close-text">Abschließen</span></a>
</form>Text Content
Diese Website verwendet Cookies. Während einige Cookies für die
Funktionsfähigkeit der Website benötigt werden, können Sie weitere
nicht-wesentliche Cookies aktivieren, die Ihr Erlebnis personalisieren und
verbessern. Weitere Informationen hierzu finden Sie in unserer
Datenschutzerklärung.
Optionale Cookies
Ja
Nein
*
Warenkorb
Abschließen
Abschließen
HPE GreenLake
Cloud Services
HPE GreenLake Central
Cloud-Konsolen
Daten-Services
Rechenleistung
Konnektivität
Aruba Central
HPE Ressourcen
* Support
* Financial Services
* Entwickler
* Communities
* www.hpe.com
Abschließen
* Sign Out
Abschließen
* Gute Gründe für HPE
* Produkte
* Automatisierung
* Wenden Sie sich an
* Deutschland (DE)
SUPPORT CENTER
Zum Hauptinhalt wechseln
Menü-KnopfZurück
* Startseite
Startseite
* HPE Support Center
* Arbeitsplatz
* Verwalten
Verwalten
* Supportanfragen
* Meine Verträge
* Service Credits
* Services
Services
* HPE GreenLake
* HPE Pointnext Complete Care
* HPE Datacenter Care
* HPE Pointnext Tech Care
* HPE Proactive Care Advanced
* HPE Proactive Care
* HPE Foundation Care
* Produkte
Produkte
* Meine Produkte
* HPE InfoSight
* HPE Active Health System Viewer
* HPE GreenLake Central
* Meine IT-Umgebung
* Für Produkt-Warnmeldungen anmelden
* Downloads
Downloads
* Treiber und Software finden
* Wichtige Downloads
* Mein HPE Software Center
* Patch-Management
* Wissen
Wissen
* Dokumente finden
* Top-Lösungen
* QuickSpecs
* Handbücher
* Sicherheitsbulletins
* Videos
* Foren
* Ressourcen
Ressourcen
*
* Garantieüberprüfung
* HPE Aruba Support-Portal
* Mein Complete Care
* Mein Dokument-Archiv
* Diagnosekennwörter
* Import/Export-Klassifizierungsdaten
* HPE Community-Foren
* Ausrüstungsteile validieren
* Support
Support
* Sitehilfe
* Website-Support
* Website-Feedback
* Chat-Unterstützung
* HPE Produktsupport anrufen
* HPE Aruba Produktsupport anrufen
* HPE Nimble Produktsupport anrufen
*
*
*
*
SUPPORT CENTER
Sie haben keine neuen Benachrichtigungen.
*
Deutschland - Deutsch
* Anmelden
HPE Support durchsuchen
Manage privacy and data collection on HPE.com
Englisch
Englisch
status icon
Treffer
0
von
0
HPSBGN03681 rev.1 - HPE Helion OpenStack (HOS) and HPE Helion CloudSystem using
Linux kernel, Local Elevation of Privilege
SECURITY BULLETIN
Document ID: c05352241
Version: 1
HPSBGN03681 rev.1 - HPE Helion OpenStack (HOS) and HPE Helion CloudSystem using
Linux kernel, Local Elevation of Privilege
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.
Release Date: 2017-01-11
Last Updated: 2017-02-24
--------------------------------------------------------------------------------
Potential Security Impact: Local: Elevation of Privilege
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY
A security vulnerability in Linux kernel, also known as "Dirty COW", has been
addressed in HPE Helion OpenStack (HOS) and HPE Helion CloudSystem (which is
built on HOS). This vulnerability could be exploited locally to gain privileged
access.
References: CVE-2016-5195 - Linux kernel vulnerability, "Dirty COW"
SUPPORTED SOFTWARE VERSIONS*: ONLY IMPACTED VERSIONS ARE LISTED.
* HPE Helion CloudSystem - all versions
* HPE Helion OpenStack - all versions
BACKGROUND
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference
V3 Vector
V3 Base Score
V2 Vector
V2 Base Score
CVE-2016-5195
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.9
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided the following updates to resolve this vulnerability in the
impacted versions of Helion OpenStack (HOS) and CloudSystem:
* For HOS v3.x, please install HOS v3.0.3
* For HOS v4.x, please install HOS v4.0.1
HOS updates can be downloaded using the following link:
http://www.hpe.com/software/entitlements
* For CloudSystem, please install CloudSystem v10.0.1:
CloudSystem update can be downloaded using the following link:
https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=Z7550-63210
Note: Security controls built into the Helion OpenStack (HOS) and CloudSystem
reduce the risk posed by this vulnerability to low. Since HOS and CloudSystem
tenants have access only to virtual machines and not the KVM compute host
servers, an attacker would first need to gain access to the KVM compute host
server in order to exploit this vulnerability.
HISTORY
Version:1 (rev.1) - 9 December 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software products
should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
* Web Form: https://www.hpe.com/info/report-security-vulnerability
* Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the
title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
System management and security procedures must be reviewed frequently to
maintain system integrity. HPE is continually reviewing and enhancing the
security features of software products to provide customers with current secure
solutions.
"HPE is broadly distributing this Security Bulletin in order to bring to the
attention of users of the affected HPE products the important security
information contained in this Bulletin. HPE recommends that all users determine
the applicability of this information to their individual situations and take
appropriate action. HPE does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HPE will not be
responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HPE
disclaims all warranties, either express or implied, including the warranties of
merchantability and fitness for a particular purpose, title and
non-infringement."
©Copyright 2021 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or
editorial errors or omissions contained herein. The information provided is
provided "as is" without warranty of any kind. To the extent permitted by law,
neither HPE nor its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or services;
or damages for loss of data, or software restoration. The information in this
document is subject to change without notice. Hewlett Packard Enterprise
Development and the names of Hewlett Packard Enterprise Development products
referenced herein are trademarks of Hewlett Packard Enterprise Development in
the United States and other countries. Other product and company names mentioned
herein may be trademarks of their respective owners.
Ähnliche Produkte
HPE Helion OpenStack
HPE CloudSystem Enterprise
HPE Helion CloudSystem Foundation 1-server 1yr Support LTU
HPE Helion CloudSystem Enterprise 8-server 3yr Support LTU
HPE Helion OpenStack Community
Mehr anzeigen
Weniger anzeigen
Ähnliche Produkte
Auf dieser Seite
Auf dieser Seite
* VULNERABILITY SUMMARY
* SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
* BACKGROUND
* RESOLUTION
Haftungsausschluss: Produkte, die vor dem 1. November 2015 (Datum der Trennung
der Hewlett-Packard Company in Hewlett Packard Enterprise Company und HP Inc.)
verkauft wurden, tragen möglicherweise ältere Produktnamen und Modellnummern,
die von den aktuellen Modellen abweichen.
Hewlett Packard Enterprise glaubt daran, bedingungslos inklusiv zu sein. Wir
arbeiten daran, nicht-inklusive Bestimmungen in unseren aktiven Produkten zu
ersetzen.
Waren diese Informationen hilfreich?
Vielen Dank!
Feedback
Firma
Über HPEZugänglichkeit (Produkte/Services)StellenangeboteKontaktDuales
StudiumUnternehmensverantwortungGlobale Vielfalt & InklusionTransparenz in der
Lieferkette (PDF)Hewlett Packard LabsInvestor
RelationsUnternehmensleitungPolitische GrundsätzeImpressum
Mehr erfahren
Künstliche IntelligenzCloud-ComputingContainerMaschinelles LernenEnterprise
Glossar
Neuigkeiten und Veranstaltungen
NewsroomHPE DiscoverVeranstaltungenWebinare
PARTNER
PartnerprogrammePartner findenZertifizierungen
Support
ProduktsupportSoftware & TreiberGarantieprüfungErweiterte
Support-ServicesSchulungen
Communities
HPE CommunityAruba AirheadsHPE Tech Pro CommunityHPE DeveloperAlle Blogs und
Foren
Kundenressourcen
KundenberichteKaufenFinancial ServicesExecutive Briefing
CenterE-Mail-AbonnementsAnmeldungRessourcenbibliothekVideogalerieStimme der
Kunden – Abonnement
FOLGEN SIE HPE
© Copyright 2021 Hewlett Packard Enterprise Development LP
* Datenschutz
* Nutzungsbedingungen
* Werbung & Cookies