oval:org.mitre.oval:def:28519
Definition Id: oval:org.mitre.oval:def:28519 | |||
Oval ID: | oval:org.mitre.oval:def:28519 | ||
Title: | USN-2442-1 -- Linux kernel (EC2) vulnerabilities | ||
Description: | An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8134">CVE-2014-8134</a>) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3673">CVE-2014-3673</a>) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3687">CVE-2014-3687</a>) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3688">CVE-2014-3688</a>) A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7841">CVE-2014-7841</a>) Jouni Malinen reported a flaw in the handling of fragmentation in the mac8Linux subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8709">CVE-2014-8709</a>) A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8884">CVE-2014-8884</a>) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9090">CVE-2014-9090</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2442-1 CVE-2014-8134 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7841 CVE-2014-8709 CVE-2014-8884 CVE-2014-9090 | Version: | 3 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13089 | |||
Oval ID: | oval:org.mitre.oval:def:13089 | ||
Title: | Ubuntu 10.04 is installed | ||
Description: | Ubuntu 10.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:10.04 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:28519 |