Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | linux security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2669 | First vendor Publication | 2013-05-15 |
| Vendor | Debian | Last vendor Modification | 2013-05-15 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device. A local user could use this to determine sensitive information such as password length. CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service. CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges. CVE-2013-1979 Andy Lutomirski reported an issue in the socket level control message processing subsystem. Local users maybe able to gain eleveated privileges. CVE-2013-2015 Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local users with the ability to mount a specially crafted filesystem can cause a denial of service (infinite loop). CVE-2013-2094 Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds access vulnerability allows local users to gain elevated privileges. CVE-2013-3076 Mathias Krauss discovered an issue in the userspace interface for hash algorithms. Local users can gain access to sensitive kernel memory. CVE-2013-3222 Mathias Krauss discovered an issue in the Asynchronous Transfer Mode (ATM) protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3223 Mathias Krauss discovered an issue in the Amateur Radio AX.25 protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3224 Mathias Krauss discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory. CVE-2013-3225 Mathias Krauss discovered an issue in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3227 Mathias Krauss discovered an issue in the Communication CPU to Application CPU Interface (CAIF). Local users can gain access to sensitive kernel memory. CVE-2013-3228 Mathias Krauss discovered an issue in the IrDA (infrared) subsystem support. Local users can gain access to sensitive kernel memory. CVE-2013-3229 Mathias Krauss discovered an issue in the IUCV support on s390 systems. Local users can gain access to sensitive kernel memory. CVE-2013-3231 Mathias Krauss discovered an issue in the ANSI/IEEE 802.2 LLC type 2 protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3234 Mathias Krauss discovered an issue in the Amateur Radio X.25 PLP (Rose) protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3235 Mathias Krauss discovered an issue in the Transparent Inter Process Communication (TIPC) protocol support. Local users can gain access to sensitive kernel memory. CVE-2013-3301 Namhyung Kim reported an issue in the tracing subsystem. A privileged local user could cause a denial of service (system crash). This vulnerabililty is not applicable to Debian systems by default. For the stable distribution (wheezy), this problem has been fixed in version 3.2.41-2+deb7u1. Note: Updates are currently available for the amd64, i386, ia64, s390, s390x and sparc architectures. Updates for the remaining architectures will be released as they become available. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 7.0 (wheezy) user-mode-linux 3.2-2um-1+deb7u1 We recommend that you upgrade your linux and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. |
Original Source
| Url : http://www.debian.org/security/2013/dsa-2669 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 71 % | CWE-200 | Information Exposure |
| 12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 6 % | CWE-399 | Resource Management Errors |
| 6 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 6 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17139 | |||
| Oval ID: | oval:org.mitre.oval:def:17139 | ||
| Title: | USN-1881-1 -- Linux kernel vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1881-1 CVE-2013-1979 CVE-2013-0160 CVE-2013-2141 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17229 | |||
| Oval ID: | oval:org.mitre.oval:def:17229 | ||
| Title: | USN-1882-1 -- Linux kernel (OMAP4) vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1882-1 CVE-2013-2850 CVE-2013-1979 CVE-2013-0160 CVE-2013-2141 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17234 | |||
| Oval ID: | oval:org.mitre.oval:def:17234 | ||
| Title: | USN-1880-1 -- Linux kernel (Quantal HWE) vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1880-1 CVE-2013-1979 CVE-2013-0160 CVE-2013-2141 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17249 | |||
| Oval ID: | oval:org.mitre.oval:def:17249 | ||
| Title: | USN-1835-1 -- Linux kernel vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1835-1 CVE-2013-1929 CVE-2013-3301 | Version: | 9 |
| Platform(s): | Ubuntu 12.10 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17305 | |||
| Oval ID: | oval:org.mitre.oval:def:17305 | ||
| Title: | USN-1877-1 -- Linux kernel (EC2) vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1877-1 CVE-2013-1798 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17333 | |||
| Oval ID: | oval:org.mitre.oval:def:17333 | ||
| Title: | USN-1849-1 -- Linux kernel (Raring HWE) vulnerability | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1849-1 CVE-2013-2850 CVE-2013-2094 CVE-2013-2141 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3226 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-raring |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17345 | |||
| Oval ID: | oval:org.mitre.oval:def:17345 | ||
| Title: | USN-1883-1 -- Linux kernel (OMAP4) vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1883-1 CVE-2013-2850 CVE-2013-1979 CVE-2013-0160 CVE-2013-2141 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17382 | |||
| Oval ID: | oval:org.mitre.oval:def:17382 | ||
| Title: | USN-1879-1 -- Linux kernel (OMAP4) vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1879-1 CVE-2013-2850 CVE-2013-0160 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17404 | |||
| Oval ID: | oval:org.mitre.oval:def:17404 | ||
| Title: | USN-1828-1 -- linux-lts-quantal vulnerability | ||
| Description: | The system could be made to run programs as an administrator. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1828-1 CVE-2013-2094 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17718 | |||
| Oval ID: | oval:org.mitre.oval:def:17718 | ||
| Title: | USN-1808-1 -- linux-ec2 vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1808-1 CVE-2012-6542 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548 CVE-2013-0228 CVE-2013-0349 CVE-2013-1774 CVE-2013-1796 | Version: | 7 |
| Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17854 | |||
| Oval ID: | oval:org.mitre.oval:def:17854 | ||
| Title: | USN-1833-1 -- linux vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1833-1 CVE-2013-1979 CVE-2013-1929 CVE-2013-2141 CVE-2013-3301 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18235 | |||
| Oval ID: | oval:org.mitre.oval:def:18235 | ||
| Title: | USN-1838-1 -- linux-ti-omap4 vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1838-1 CVE-2013-2094 CVE-2013-1929 CVE-2013-3301 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18242 | |||
| Oval ID: | oval:org.mitre.oval:def:18242 | ||
| Title: | USN-1826-1 -- linux vulnerability | ||
| Description: | The system could be made to run programs as an administrator. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1826-1 CVE-2013-2094 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18260 | |||
| Oval ID: | oval:org.mitre.oval:def:18260 | ||
| Title: | USN-1839-1 -- linux-ti-omap4 vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1839-1 CVE-2013-2094 CVE-2013-1979 CVE-2013-1929 CVE-2013-2141 CVE-2013-3301 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18266 | |||
| Oval ID: | oval:org.mitre.oval:def:18266 | ||
| Title: | USN-1827-1 -- linux vulnerability | ||
| Description: | The system could be made to run programs as an administrator. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1827-1 CVE-2013-2094 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 | Product(s): | linux |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18310 | |||
| Oval ID: | oval:org.mitre.oval:def:18310 | ||
| Title: | USN-1825-1 -- linux vulnerability | ||
| Description: | The system could be made to run programs as an administrator. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1825-1 CVE-2013-2094 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18330 | |||
| Oval ID: | oval:org.mitre.oval:def:18330 | ||
| Title: | USN-1836-1 -- linux-ti-omap4 vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1836-1 CVE-2013-2094 CVE-2013-1929 CVE-2013-3301 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | linux-ti-omap4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18332 | |||
| Oval ID: | oval:org.mitre.oval:def:18332 | ||
| Title: | USN-1834-1 -- linux-lts-quantal vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1834-1 CVE-2013-1929 CVE-2013-3301 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18375 | |||
| Oval ID: | oval:org.mitre.oval:def:18375 | ||
| Title: | USN-1837-1 -- linux vulnerabilities | ||
| Description: | Several security issues were fixed in the kernel. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1837-1 CVE-2013-2141 CVE-2013-2146 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3226 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 CVE-2013-3233 CVE-2013-3234 CVE-2013-3235 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 | Product(s): | linux |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18491 | |||
| Oval ID: | oval:org.mitre.oval:def:18491 | ||
| Title: | DSA-2669-1 linux - several | ||
| Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2669-1 CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234 CVE-2013-3235 CVE-2013-3301 | Version: | 8 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | linux |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26661 | |||
| Oval ID: | oval:org.mitre.oval:def:26661 | ||
| Title: | ELSA-2013-1034-1 -- kernel security and bug fix update (low) | ||
| Description: | kernel [2.6.18-348.12.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1034-1 CVE-2013-1929 CVE-2012-6544 CVE-2012-6545 CVE-2013-0914 CVE-2013-3222 CVE-2013-3224 CVE-2013-3231 CVE-2013-3235 | Version: | 5 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel ocfs2 oracleasm kernel-PAE kernel-PAE-devel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-xen kernel-xen-devel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27383 | |||
| Oval ID: | oval:org.mitre.oval:def:27383 | ||
| Title: | ELSA-2013-2538 -- unbreakable enterprise kernel security update (moderate) | ||
| Description: | [2.6.39-400.109.3] - Revert 'be2net: enable interrupts in probe' (Jerry Snitselaar) [Orabug: 17179597] [2.6.39-400.109.2] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3222} - rtnl: fix info leak on RTM_GETLINK request for VF devices (Mathias Krause) [Orabug: 17173830] {CVE-2013-2635} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173830] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173830] {CVE-2012-6548} - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 17173830] {CVE-2013-3301} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173830] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173830] {CVE-2013-0914} | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-2538 CVE-2013-0914 CVE-2013-3222 CVE-2013-3224 CVE-2012-6548 CVE-2013-2634 CVE-2013-2635 CVE-2013-2852 CVE-2013-3225 CVE-2013-3301 | Version: | 3 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | kernel-uek kernel-uek-debug kernel-uek-debug-devel kernel-uek-devel kernel-uek-doc kernel-uek-firmware |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27667 | |||
| Oval ID: | oval:org.mitre.oval:def:27667 | ||
| Title: | DEPRECATED: ELSA-2013-0830 -- kernel security update (important) | ||
| Description: | [2.6.32-358.6.2] - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094} | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0830 CVE-2013-2094 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-06-11 | Linux kernel perf_swevent_init - Local root Exploit |
| 2013-02-05 | Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-09-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2074-1.nasl - Type : ACT_GATHER_INFO |
| 2016-05-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1203-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0674-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0536-1.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0746.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0832.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0928.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1026.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1076.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO |
| 2014-10-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO |
| 2014-10-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14445.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0829.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1264.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1034.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-175.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-176.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-398.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-440.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-452.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-454.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-512.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-190.nasl - Type : ACT_GATHER_INFO |
| 2014-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2128-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2129-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2584.nasl - Type : ACT_GATHER_INFO |
| 2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2585.nasl - Type : ACT_GATHER_INFO |
| 2013-11-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
| 2013-11-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-265.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-218.nasl - Type : ACT_GATHER_INFO |
| 2013-09-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130827.nasl - Type : ACT_GATHER_INFO |
| 2013-09-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130828.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2546.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-200.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2537.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2538.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1051.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130716_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130702.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1051.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1051.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-194.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0727.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0744.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0830.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1034-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1034.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2519.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2520.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2523.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2524.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2525.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2534.nasl - Type : ACT_GATHER_INFO |
| 2013-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1034.nasl - Type : ACT_GATHER_INFO |
| 2013-07-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130710_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1034.nasl - Type : ACT_GATHER_INFO |
| 2013-06-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-176.nasl - Type : ACT_GATHER_INFO |
| 2013-06-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130604.nasl - Type : ACT_GATHER_INFO |
| 2013-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1876-1.nasl - Type : ACT_GATHER_INFO |
| 2013-06-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1877-1.nasl - Type : ACT_GATHER_INFO |
| 2013-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1878-1.nasl - Type : ACT_GATHER_INFO |
| 2013-06-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1880-1.nasl - Type : ACT_GATHER_INFO |
| 2013-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1881-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1849-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-140-01.nasl - Type : ACT_GATHER_INFO |
| 2013-05-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1833-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1834-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1835-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1837-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130515.nasl - Type : ACT_GATHER_INFO |
| 2013-05-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0830.nasl - Type : ACT_GATHER_INFO |
| 2013-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0840.nasl - Type : ACT_GATHER_INFO |
| 2013-05-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0841.nasl - Type : ACT_GATHER_INFO |
| 2013-05-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2669.nasl - Type : ACT_GATHER_INFO |
| 2013-05-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0830.nasl - Type : ACT_GATHER_INFO |
| 2013-05-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130516_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1825-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1826-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1827-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1828-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2668.nasl - Type : ACT_GATHER_INFO |
| 2013-05-08 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130426.nasl - Type : ACT_GATHER_INFO |
| 2013-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-6999.nasl - Type : ACT_GATHER_INFO |
| 2013-05-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1813-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-03 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1815-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1809-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-02 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1812-1.nasl - Type : ACT_GATHER_INFO |
| 2013-04-29 | Name : The remote Fedora host is missing a security update. File : fedora_2013-6537.nasl - Type : ACT_GATHER_INFO |
| 2013-04-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1808-1.nasl - Type : ACT_GATHER_INFO |
| 2013-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0744.nasl - Type : ACT_GATHER_INFO |
| 2013-04-25 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130423_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0744.nasl - Type : ACT_GATHER_INFO |
| 2013-04-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1805-1.nasl - Type : ACT_GATHER_INFO |
| 2013-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-8518.nasl - Type : ACT_GATHER_INFO |
| 2013-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-8527.nasl - Type : ACT_GATHER_INFO |
| 2013-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5368.nasl - Type : ACT_GATHER_INFO |
| 2013-04-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0727.nasl - Type : ACT_GATHER_INFO |
| 2013-04-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0727.nasl - Type : ACT_GATHER_INFO |
| 2013-04-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130409_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-01 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4357.nasl - Type : ACT_GATHER_INFO |
| 2013-03-24 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4240.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:31:49 |
|
| 2013-06-07 21:29:05 |
|
| 2013-05-30 13:26:12 |
|
| 2013-05-16 05:18:06 |
|
