Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title kernel-rt security and bug fix update
Informations
Name RHSA-2013:1264 First vendor Publication 2013-09-16
Vendor RedHat Last vendor Modification 2013-09-16
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.9 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 5.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. (CVE-2013-2850, Important)

* A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers. (CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system by using sendmsg() with an IPv6 socket connected to an IPv4 destination. (CVE-2013-2232, Moderate)

* Two flaws were found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2013-4162, CVE-2013-4163, Moderate)

* A flaw was found in the Linux kernel's Chipidea USB driver. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-2058, Low)

* Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user-space. (CVE-2013-2147, CVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)

* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, CVE-2013-2148, Low)

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the "fwpostfix" b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2850, CVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting CVE-2013-4162 and CVE-2013-4163.

This update also fixes the following bugs:

* The following drivers have been updated, fixing a number of bugs: myri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169, be2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe, bfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)

* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel configuration option enabled. As such, attempting to run the dropwatch command resulted in the following error:

Unable to find NET_DM family, dropwatch can't work Cleaning up on socket creation error

With this update, the realtime kernel is built with the CONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected. (BZ#979417)

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

952197 - CVE-2013-3301 Kernel: tracing: NULL pointer dereference 959210 - CVE-2013-2058 Kernel: usb: chipidea: Allow disabling streaming not just in udc mode 968036 - CVE-2013-2850 kernel: iscsi-target: heap buffer overflow on large key error 969515 - CVE-2013-2851 kernel: block: passing disk names as format strings 969518 - CVE-2013-2852 kernel: b43: format string leaking into error msgs 970873 - CVE-2013-2141 Kernel: signal: information leak in tkill/tgkill 971242 - CVE-2013-2147 Kernel: cpqarray/cciss: information leak via ioctl 971258 - CVE-2013-2148 Kernel: fanotify: info leak in copy_event_to_user 971309 - CVE-2013-2146 Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB 973100 - CVE-2013-2164 Kernel: information leak in cdrom driver 974138 - MRG 2.3 kernel drivers update 980995 - CVE-2013-2234 Kernel: net: information leak in AF_KEY notify 981220 - CVE-2013-2237 Kernel: net: af_key: initialize satype in key_notify_policy_flush 981552 - CVE-2013-2232 Kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg 983603 - update RT specfile references of version.h to vermagic.h 987627 - CVE-2013-4162 Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK enabled 987633 - CVE-2013-4163 Kernel: net: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-1264.html

CWE : Common Weakness Enumeration

% Id Name
36 % CWE-399 Resource Management Errors
29 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
14 % CWE-20 Improper Input Validation
7 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16711
 
Oval ID: oval:org.mitre.oval:def:16711
Title: USN-1847-1 -- Linux kernel vulnerability
Description: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): usn-1847-1
CVE-2013-2850
Version: 7
Platform(s): Ubuntu 13.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17006
 
Oval ID: oval:org.mitre.oval:def:17006
Title: USN-1845-1 -- Linux kernel (Quantal HWE) vulnerability
Description: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): usn-1845-1
CVE-2013-2850
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17249
 
Oval ID: oval:org.mitre.oval:def:17249
Title: USN-1835-1 -- Linux kernel vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): usn-1835-1
CVE-2013-1929
CVE-2013-3301
Version: 9
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17324
 
Oval ID: oval:org.mitre.oval:def:17324
Title: USN-1844-1 -- Linux kernel vulnerability
Description: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): usn-1844-1
CVE-2013-2850
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17390
 
Oval ID: oval:org.mitre.oval:def:17390
Title: USN-1846-1 -- Linux kernel vulnerability
Description: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): usn-1846-1
CVE-2013-2850
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17816
 
Oval ID: oval:org.mitre.oval:def:17816
Title: USN-1914-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1914-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17854
 
Oval ID: oval:org.mitre.oval:def:17854
Title: USN-1833-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1833-1
CVE-2013-1979
CVE-2013-1929
CVE-2013-2141
CVE-2013-3301
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18030
 
Oval ID: oval:org.mitre.oval:def:18030
Title: USN-1744-1 -- linux vulnerability
Description: The system could be made to run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1744-1
CVE-2013-0871
CVE-2013-1774
CVE-2013-2058
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18042
 
Oval ID: oval:org.mitre.oval:def:18042
Title: USN-1913-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1913-1
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18044
 
Oval ID: oval:org.mitre.oval:def:18044
Title: USN-1940-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1940-1
CVE-2013-1060
CVE-2013-1943
CVE-2013-2206
CVE-2013-4162
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18055
 
Oval ID: oval:org.mitre.oval:def:18055
Title: USN-1743-1 -- linux-lts-quantal vulnerability
Description: The system could be made to run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1743-1
CVE-2013-0871
CVE-2013-1774
CVE-2013-2058
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18135
 
Oval ID: oval:org.mitre.oval:def:18135
Title: USN-1745-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1745-1
CVE-2013-0871
CVE-2013-1774
CVE-2013-2058
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18229
 
Oval ID: oval:org.mitre.oval:def:18229
Title: USN-1917-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1917-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18235
 
Oval ID: oval:org.mitre.oval:def:18235
Title: USN-1838-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1838-1
CVE-2013-2094
CVE-2013-1929
CVE-2013-3301
Version: 7
Platform(s): Ubuntu 13.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18240
 
Oval ID: oval:org.mitre.oval:def:18240
Title: USN-1920-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1920-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 13.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18260
 
Oval ID: oval:org.mitre.oval:def:18260
Title: USN-1839-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1839-1
CVE-2013-2094
CVE-2013-1979
CVE-2013-1929
CVE-2013-2141
CVE-2013-3301
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18287
 
Oval ID: oval:org.mitre.oval:def:18287
Title: USN-1915-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1915-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18298
 
Oval ID: oval:org.mitre.oval:def:18298
Title: USN-1942-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1942-1
CVE-2013-1059
CVE-2013-1060
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2851
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18312
 
Oval ID: oval:org.mitre.oval:def:18312
Title: USN-1912-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1912-1
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18330
 
Oval ID: oval:org.mitre.oval:def:18330
Title: USN-1836-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1836-1
CVE-2013-2094
CVE-2013-1929
CVE-2013-3301
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18332
 
Oval ID: oval:org.mitre.oval:def:18332
Title: USN-1834-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1834-1
CVE-2013-1929
CVE-2013-3301
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18351
 
Oval ID: oval:org.mitre.oval:def:18351
Title: USN-1918-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1918-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18398
 
Oval ID: oval:org.mitre.oval:def:18398
Title: USN-1916-1 -- linux-lts-raring vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1916-1
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18409
 
Oval ID: oval:org.mitre.oval:def:18409
Title: USN-1929-1 -- linux vulnerability
Description: The system could be made to expose sensitive information.
Family: unix Class: patch
Reference(s): USN-1929-1
CVE-2013-2148
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18491
 
Oval ID: oval:org.mitre.oval:def:18491
Title: DSA-2669-1 linux - several
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2669-1
CVE-2013-0160
CVE-2013-1796
CVE-2013-1929
CVE-2013-1979
CVE-2013-2015
CVE-2013-2094
CVE-2013-3076
CVE-2013-3222
CVE-2013-3223
CVE-2013-3224
CVE-2013-3225
CVE-2013-3227
CVE-2013-3228
CVE-2013-3229
CVE-2013-3231
CVE-2013-3234
CVE-2013-3235
CVE-2013-3301
Version: 8
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18689
 
Oval ID: oval:org.mitre.oval:def:18689
Title: USN-1930-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1930-1
CVE-2013-2148
CVE-2013-2852
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18721
 
Oval ID: oval:org.mitre.oval:def:18721
Title: USN-1947-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1947-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18764
 
Oval ID: oval:org.mitre.oval:def:18764
Title: USN-1932-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1932-1
CVE-2013-1059
CVE-2013-2148
CVE-2013-2164
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18776
 
Oval ID: oval:org.mitre.oval:def:18776
Title: USN-1970-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1970-1
CVE-2013-4254
CVE-2013-1819
CVE-2013-2237
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18799
 
Oval ID: oval:org.mitre.oval:def:18799
Title: USN-1945-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1945-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18848
 
Oval ID: oval:org.mitre.oval:def:18848
Title: USN-1934-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1934-1
CVE-2013-1059
CVE-2013-2148
CVE-2013-2164
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 13.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18859
 
Oval ID: oval:org.mitre.oval:def:18859
Title: USN-1933-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1933-1
CVE-2013-1059
CVE-2013-2148
CVE-2013-2164
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18861
 
Oval ID: oval:org.mitre.oval:def:18861
Title: USN-1939-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1939-1
CVE-2013-1060
CVE-2013-1943
CVE-2013-2206
CVE-2013-4162
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18870
 
Oval ID: oval:org.mitre.oval:def:18870
Title: USN-1941-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1941-1
CVE-2013-1059
CVE-2013-1060
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2851
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18895
 
Oval ID: oval:org.mitre.oval:def:18895
Title: USN-1943-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1943-1
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18897
 
Oval ID: oval:org.mitre.oval:def:18897
Title: USN-1944-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1944-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18941
 
Oval ID: oval:org.mitre.oval:def:18941
Title: USN-1931-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1931-1
CVE-2013-1059
CVE-2013-2148
CVE-2013-2164
CVE-2013-2851
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18987
 
Oval ID: oval:org.mitre.oval:def:18987
Title: USN-2018-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2018-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19027
 
Oval ID: oval:org.mitre.oval:def:19027
Title: USN-1938-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1938-1
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 7
Platform(s): Ubuntu 13.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19069
 
Oval ID: oval:org.mitre.oval:def:19069
Title: USN-2017-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2017-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19073
 
Oval ID: oval:org.mitre.oval:def:19073
Title: USN-1973-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1973-1
CVE-2013-4254
CVE-2013-1819
CVE-2013-2237
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19106
 
Oval ID: oval:org.mitre.oval:def:19106
Title: USN-1972-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1972-1
CVE-2013-4254
CVE-2013-1819
CVE-2013-2237
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19211
 
Oval ID: oval:org.mitre.oval:def:19211
Title: USN-1993-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1993-1
CVE-2013-2237
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19248
 
Oval ID: oval:org.mitre.oval:def:19248
Title: USN-1992-1 -- linux vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1992-1
CVE-2013-2237
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19273
 
Oval ID: oval:org.mitre.oval:def:19273
Title: USN-1994-1 -- linux-lts-quantal vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1994-1
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19339
 
Oval ID: oval:org.mitre.oval:def:19339
Title: USN-1997-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1997-1
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19344
 
Oval ID: oval:org.mitre.oval:def:19344
Title: USN-1999-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1999-1
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 13.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19368
 
Oval ID: oval:org.mitre.oval:def:19368
Title: USN-1996-1 -- linux vulnerability
Description: The system could be made to expose sensitive information to a local user.
Family: unix Class: patch
Reference(s): USN-1996-1
CVE-2013-2147
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19878
 
Oval ID: oval:org.mitre.oval:def:19878
Title: DSA-2745-1 linux - several
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2745-1
CVE-2013-1059
CVE-2013-2148
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2851
CVE-2013-2852
CVE-2013-4162
CVE-2013-4163
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20847
 
Oval ID: oval:org.mitre.oval:def:20847
Title: RHSA-2013:1173: kernel security and bug fix update (Important)
Description: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Family: unix Class: patch
Reference(s): RHSA-2013:1173-00
CESA-2013:1173
CVE-2012-6544
CVE-2013-2146
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2237
Version: 87
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21146
 
Oval ID: oval:org.mitre.oval:def:21146
Title: RHSA-2013:1166: kernel security and bug fix update (Important)
Description: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Family: unix Class: patch
Reference(s): RHSA-2013:1166-00
CESA-2013:1166
CVE-2013-2147
CVE-2013-2164
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
Version: 101
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21210
 
Oval ID: oval:org.mitre.oval:def:21210
Title: RHSA-2013:1292: kernel security and bug fix update (Moderate)
Description: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Family: unix Class: patch
Reference(s): RHSA-2013:1292-00
CESA-2013:1292
CVE-2012-3511
CVE-2013-2141
CVE-2013-4162
Version: 45
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21235
 
Oval ID: oval:org.mitre.oval:def:21235
Title: RHSA-2013:1051: kernel security and bug fix update (Moderate)
Description: The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Family: unix Class: patch
Reference(s): RHSA-2013:1051-00
CESA-2013:1051
CVE-2012-6548
CVE-2013-0914
CVE-2013-1848
CVE-2013-2128
CVE-2013-2634
CVE-2013-2635
CVE-2013-2852
CVE-2013-3222
CVE-2013-3224
CVE-2013-3225
CVE-2013-3301
Version: 157
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21254
 
Oval ID: oval:org.mitre.oval:def:21254
Title: USN-1899-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1899-1
CVE-2012-4508
CVE-2013-2141
CVE-2013-2852
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21303
 
Oval ID: oval:org.mitre.oval:def:21303
Title: USN-1900-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1900-1
CVE-2012-4508
CVE-2013-2141
CVE-2013-2852
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23149
 
Oval ID: oval:org.mitre.oval:def:23149
Title: ELSA-2013:1292: kernel security and bug fix update (Moderate)
Description: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Family: unix Class: patch
Reference(s): ELSA-2013:1292-00
CVE-2012-3511
CVE-2013-2141
CVE-2013-4162
Version: 17
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23259
 
Oval ID: oval:org.mitre.oval:def:23259
Title: VMware ESX updates to third party libraries
Description: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2164
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23361
 
Oval ID: oval:org.mitre.oval:def:23361
Title: ELSA-2013:1166: kernel security and bug fix update (Important)
Description: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Family: unix Class: patch
Reference(s): ELSA-2013:1166-00
CVE-2013-2147
CVE-2013-2164
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
Version: 33
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23736
 
Oval ID: oval:org.mitre.oval:def:23736
Title: VMware ESX updates to third party libraries
Description: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2232
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23835
 
Oval ID: oval:org.mitre.oval:def:23835
Title: VMware ESX updates to third party libraries
Description: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2237
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23917
 
Oval ID: oval:org.mitre.oval:def:23917
Title: ELSA-2013:1051: kernel security and bug fix update (Moderate)
Description: The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Family: unix Class: patch
Reference(s): ELSA-2013:1051-00
CVE-2012-6548
CVE-2013-0914
CVE-2013-1848
CVE-2013-2128
CVE-2013-2634
CVE-2013-2635
CVE-2013-2852
CVE-2013-3222
CVE-2013-3224
CVE-2013-3225
CVE-2013-3301
Version: 49
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23930
 
Oval ID: oval:org.mitre.oval:def:23930
Title: ELSA-2013:1173: kernel security and bug fix update (Important)
Description: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Family: unix Class: patch
Reference(s): ELSA-2013:1173-00
CVE-2012-6544
CVE-2013-2146
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2237
Version: 29
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24081
 
Oval ID: oval:org.mitre.oval:def:24081
Title: VMware ESX updates to third party libraries
Description: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2147
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24177
 
Oval ID: oval:org.mitre.oval:def:24177
Title: VMware ESX updates to third party libraries
Description: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2234
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25573
 
Oval ID: oval:org.mitre.oval:def:25573
Title: SUSE-SU-2013:1473-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to version 3.0.93 and to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1473-1
CVE-2013-2148
CVE-2013-2237
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-1059
CVE-2013-2164
CVE-2013-2851
CVE-2013-4163
CVE-2013-1929
CVE-2013-1819
CVE-2013-3301
CVE-2013-2852
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25589
 
Oval ID: oval:org.mitre.oval:def:25589
Title: SUSE-SU-2013:0845-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 SP2 Realtime kernel has been updated to fix a critical security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0845-1
CVE-2013-2850
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26512
 
Oval ID: oval:org.mitre.oval:def:26512
Title: ELSA-2013-2542 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.29.3uek] - block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206}
Family: unix Class: patch
Reference(s): ELSA-2013-2542
CVE-2012-6544
CVE-2013-2206
CVE-2013-2232
CVE-2013-2237
CVE-2013-2851
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27018
 
Oval ID: oval:org.mitre.oval:def:27018
Title: USN-1946-1 -- Linux kernel (OMAP4) vulnerabilities
Description: A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-5374">CVE-2012-5374</a>) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service (prevent file creation) for a victim, by creating a file with a specific CRC32C hash value in a directory important to the victim. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-5375">CVE-2012-5375</a>) Vasily Kulikov discovered a flaw in the Linux Kernel&#39;s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-1060">CVE-2013-1060</a>) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2140">CVE-2013-2140</a>) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2232">CVE-2013-2232</a>) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2234">CVE-2013-2234</a>) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel&#39;s IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4162">CVE-2013-4162</a>) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4163">CVE-2013-4163</a>)
Family: unix Class: patch
Reference(s): USN-1946-1
CVE-2012-5374
CVE-2012-5375
CVE-2013-1060
CVE-2013-2140
CVE-2013-2232
CVE-2013-2234
CVE-2013-4162
CVE-2013-4163
Version: 3
Platform(s): Ubuntu 13.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27304
 
Oval ID: oval:org.mitre.oval:def:27304
Title: ELSA-2013-2546 -- Unbreakable Enterprise Kernel security and bug fix update (important)
Description: [2.6.39-400.209.1] - Revert 'stop mig handler when lockres in progress ,and return -EAGAIN' (Srinivas Eeda) [Orabug: 16924802] - ocfs2/dlm: Fix list traversal in dlm_process_recovery_data (Srinivas Eeda) [Orabug: 17432400] - ocfs2/dlm: ocfs2 dlm umount skip migrating lockres (Srinivas Eeda) [Orabug: 16859627]
Family: unix Class: patch
Reference(s): ELSA-2013-2546
CVE-2013-2164
CVE-2013-2234
CVE-2012-6549
CVE-2013-1772
CVE-2013-2140
CVE-2013-3076
CVE-2013-4163
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27363
 
Oval ID: oval:org.mitre.oval:def:27363
Title: ELSA-2013-2543 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.109.6] - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230083] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230108] {CVE-2013-1059} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371078] {CVE-2013-2232} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370788] {CVE-2013-2237} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370892] {CVE-2012-6544} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371050] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371065] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371118] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372121] {CVE-2013-2206}
Family: unix Class: patch
Reference(s): ELSA-2013-2543
CVE-2012-6544
CVE-2013-2206
CVE-2013-2232
CVE-2013-2237
CVE-2013-1059
CVE-2013-2851
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27383
 
Oval ID: oval:org.mitre.oval:def:27383
Title: ELSA-2013-2538 -- unbreakable enterprise kernel security update (moderate)
Description: [2.6.39-400.109.3] - Revert 'be2net: enable interrupts in probe' (Jerry Snitselaar) [Orabug: 17179597] [2.6.39-400.109.2] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3222} - rtnl: fix info leak on RTM_GETLINK request for VF devices (Mathias Krause) [Orabug: 17173830] {CVE-2013-2635} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173830] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173830] {CVE-2012-6548} - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 17173830] {CVE-2013-3301} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173830] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173830] {CVE-2013-0914}
Family: unix Class: patch
Reference(s): ELSA-2013-2538
CVE-2013-0914
CVE-2013-3222
CVE-2013-3224
CVE-2012-6548
CVE-2013-2634
CVE-2013-2635
CVE-2013-2852
CVE-2013-3225
CVE-2013-3301
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27384
 
Oval ID: oval:org.mitre.oval:def:27384
Title: DEPRECATED: ELSA-2013-1292 -- kernel security and bug fix update (moderate)
Description: kernel [2.6.18-348.18.1] - [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [1005239 987539] - [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov) [970874 970875] {CVE-2013-2141} - [net] ipv6: do udp_push_pending_frames AF_INET sock pending data (Jiri Benc) [987647 987648] {CVE-2013-4162} - [mm] use-after-free in madvise_remove() (Jacob Tanenbaum) [849735 849736] {CVE-2012-3511} - [fs] autofs: remove autofs dentry mount check (Ian Kent) [1001488 928098]
Family: unix Class: patch
Reference(s): ELSA-2013-1292
CVE-2012-3511
CVE-2013-2141
CVE-2013-4162
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27402
 
Oval ID: oval:org.mitre.oval:def:27402
Title: DEPRECATED: ELSA-2013-1173 -- kernel security and bug fix update (important)
Description: [2.6.32-358.18.1] - [x86] perf/x86: Fix offcore_rsp valid mask for SNB/IVB (Nikola Pajkovsky) [971314 971315] {CVE-2013-2146} - [net] br: fix schedule while atomic issue in br_features_recompute() (Jiri Pirko) [990464 980876] - [scsi] isci: Fix a race condition in the SSP task management path (David Milburn) [990470 978609] - [bluetooth] L2CAP - Fix info leak via getsockname() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [bluetooth] HCI - Fix info leak in getsockopt() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [net] tuntap: initialize vlan_features (Vlad Yasevich) [984524 951458] - [net] af_key: initialize satype in key_notify_policy_flush() (Thomas Graf) [981225 981227] {CVE-2013-2237} - [usb] uhci: fix for suspend of virtual HP controller (Gopal) [982697 960026] - [usb] uhci: Remove PCI dependencies from uhci-hub (Gopal) [982697 960026] - [netdrv] bnx2x: Change MDIO clock settings (Michal Schmidt) [982116 901747] - [scsi] st: Take additional queue ref in st_probe (Tomas Henzl) [979293 927988] - [kernel] audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (Oleg Nesterov) [982472 962976] - [kernel] audit: avoid negative sleep durations (Oleg Nesterov) [982472 962976] - [fs] ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] jbd: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] ext4: fix waiting and sending of a barrier in ext4_sync_file() (Eric Sandeen) [963557 955807] - [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Eric Sandeen) [963557 955807] - [fs] jbd2: fix sending of data flush on journal commit (Eric Sandeen) [963557 955807] - [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [963557 955807] - [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [963557 955807] - [fs] ext4: Rewrite __jbd2_log_start_commit logic to match upstream (Eric Sandeen) [963557 955807] - [net] bridge: Set vlan_features to allow offloads on vlans (Vlad Yasevich) [984524 951458] - [virt] virtio-net: initialize vlan_features (Vlad Yasevich) [984524 951458] - [mm] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [977668 827548] - [dma] ioat: Fix excessive CPU utilization (John Feeney) [982758 883575] - [fs] vfs: revert most of dcache remove d_mounted (Ian Kent) [974597 907512] - [fs] xfs: don't free EFIs before the EFDs are committed (Carlos Maiolino) [975578 947582] - [fs] xfs: pass shutdown method into xfs_trans_ail_delete_bulk (Carlos Maiolino) [975576 805407] - [net] ipv6: bind() use stronger condition for bind_conflict (Flavio Leitner) [989923 917872] - [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [977680 894683] - [x86] remove BUG_ON(TS_USEDFPU) in __sanitize_i387_state() (Oleg Nesterov) [956054 920445] - [fs] coredump: ensure the fpu state is flushed for proper multi-threaded core dump (Oleg Nesterov) [956054 920445]
Family: unix Class: patch
Reference(s): ELSA-2013-1173
CVE-2012-6544
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2237
CVE-2013-2146
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27425
 
Oval ID: oval:org.mitre.oval:def:27425
Title: ELSA-2013-1166-1 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-348.16.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Family: unix Class: patch
Reference(s): ELSA-2013-1166-1
CVE-2013-2147
CVE-2013-2164
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27457
 
Oval ID: oval:org.mitre.oval:def:27457
Title: DEPRECATED: ELSA-2013-1051 -- kernel security and bug fix update (moderate)
Description: [2.6.32-358.14.1] - [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342]
Family: unix Class: patch
Reference(s): ELSA-2013-1051
CVE-2013-1848
CVE-2013-0914
CVE-2013-3222
CVE-2013-3224
CVE-2012-6548
CVE-2013-2128
CVE-2013-2634
CVE-2013-2635
CVE-2013-2852
CVE-2013-3225
CVE-2013-3301
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27469
 
Oval ID: oval:org.mitre.oval:def:27469
Title: DEPRECATED: ELSA-2013-1166 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-348.16.1] - [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [988251 987244] - [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [987976 967053] - [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] - [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]
Family: unix Class: patch
Reference(s): ELSA-2013-1166
CVE-2013-2147
CVE-2013-2164
CVE-2013-2206
CVE-2013-2224
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27491
 
Oval ID: oval:org.mitre.oval:def:27491
Title: ELSA-2013-1292-1 -- kernel security and bug fix update (moderate)
Description: This update fixes the following security issues: * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space.
Family: unix Class: patch
Reference(s): ELSA-2013-1292-1
CVE-2012-3511
CVE-2013-2141
CVE-2013-4162
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 1
Os 1890
Os 3
Os 1
Os 1
Os 1
Os 3

Snort® IPS/IDS

Date Description
2014-11-16 Linux iscsi_add_notunderstood_response request buffer overflow attempt
RuleID : 31590 - Revision : 2 - Type : PROTOCOL-SERVICES
2014-11-16 Linux iscsi_add_notunderstood_response request buffer overflow attempt
RuleID : 31589 - Revision : 2 - Type : PROTOCOL-SERVICES

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0015_remote.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0536-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1076.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1181.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1450.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1460.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1783.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1802.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0284.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1264.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1034.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-483.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-512.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-513.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-813.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2589.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131212_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-06 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2013-0015.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2585.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2015-1.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2016-1.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2017-1.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2020-1.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2023-1.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-233.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1992-1.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1994-1.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1995-1.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1996-1.nasl - Type : ACT_GATHER_INFO
2013-10-22 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1998-1.nasl - Type : ACT_GATHER_INFO
2013-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2575.nasl - Type : ACT_GATHER_INFO
2013-10-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1436.nasl - Type : ACT_GATHER_INFO
2013-10-18 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131016_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1436.nasl - Type : ACT_GATHER_INFO
2013-10-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1436.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-218.nasl - Type : ACT_GATHER_INFO
2013-09-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2766.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1292.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1292-1.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1292.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130926_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1970-1.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1972-1.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-242.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1292.nasl - Type : ACT_GATHER_INFO
2013-09-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-130827.nasl - Type : ACT_GATHER_INFO
2013-09-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-130828.nasl - Type : ACT_GATHER_INFO
2013-09-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2546.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1939-1.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1940-1.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1941-1.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1943-1.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1944-1.nasl - Type : ACT_GATHER_INFO
2013-09-07 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1947-1.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1938-1.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2745.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2542.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2543.nasl - Type : ACT_GATHER_INFO
2013-08-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1173.nasl - Type : ACT_GATHER_INFO
2013-08-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130827_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-08-28 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1173.nasl - Type : ACT_GATHER_INFO
2013-08-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1173.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1166-1.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1166.nasl - Type : ACT_GATHER_INFO
2013-08-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1166.nasl - Type : ACT_GATHER_INFO
2013-08-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130820_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1166.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1929-1.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1931-1.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1932-1.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1935-1.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1936-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1912-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1913-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1914-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1915-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1916-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1917-1.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1919-1.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12990.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2537.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2538.nasl - Type : ACT_GATHER_INFO
2013-07-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1051.nasl - Type : ACT_GATHER_INFO
2013-07-18 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130716_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1051.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1051.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12901.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10050.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10689.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10695.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12339.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12530.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9123.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-194.nasl - Type : ACT_GATHER_INFO
2013-07-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1899-1.nasl - Type : ACT_GATHER_INFO
2013-07-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1900-1.nasl - Type : ACT_GATHER_INFO
2013-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-176.nasl - Type : ACT_GATHER_INFO
2013-06-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1878-1.nasl - Type : ACT_GATHER_INFO
2013-06-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1880-1.nasl - Type : ACT_GATHER_INFO
2013-06-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1881-1.nasl - Type : ACT_GATHER_INFO
2013-06-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-130525.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1844-1.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1845-1.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1846-1.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1847-1.nasl - Type : ACT_GATHER_INFO
2013-05-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1833-1.nasl - Type : ACT_GATHER_INFO
2013-05-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1834-1.nasl - Type : ACT_GATHER_INFO
2013-05-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1835-1.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2669.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-07-23 13:25:12
  • Multiple Updates
2013-11-04 21:34:57
  • Multiple Updates
2013-09-16 21:19:02
  • First insertion