Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2014:201 First vendor Publication 2014-10-21
Vendor Mandriva Last vendor Modification 2014-10-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in the Linux kernel:

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings (CVE-2014-3122).

Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181).

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182).

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (CVE-2014-3184).

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (CVE-2014-3185).

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (CVE-2014-3186).

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call (CVE-2014-3534).

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601).

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (CVE-2014-5077).

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a mount -o remount command within a user namespace (CVE-2014-5206).

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (CVE-2014-5471).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (CVE-2014-5472).

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode (CVE-2014-6410).

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975).

The updated packages provides a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:201

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15 % CWE-399 Resource Management Errors
15 % CWE-269 Improper Privilege Management
8 % CWE-476 NULL Pointer Dereference
8 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24568
 
Oval ID: oval:org.mitre.oval:def:24568
Title: USN-2234-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2234-1
CVE-2014-3153
CVE-2013-4387
CVE-2013-4470
CVE-2013-4483
CVE-2014-1438
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24658
 
Oval ID: oval:org.mitre.oval:def:24658
Title: USN-2239-1 -- linux-lts-saucy vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2239-1
CVE-2014-3153
CVE-2014-0155
CVE-2014-2568
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24753
 
Oval ID: oval:org.mitre.oval:def:24753
Title: USN-2240-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2240-1
CVE-2014-3153
CVE-2014-2568
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24761
 
Oval ID: oval:org.mitre.oval:def:24761
Title: USN-2224-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2224-1
CVE-2014-1738
CVE-2014-1737
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-2309
CVE-2014-2523
CVE-2014-2672
CVE-2014-2678
CVE-2014-2706
CVE-2014-2851
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24832
 
Oval ID: oval:org.mitre.oval:def:24832
Title: USN-2235-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2235-1
CVE-2014-3153
CVE-2014-0055
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24844
 
Oval ID: oval:org.mitre.oval:def:24844
Title: USN-2241-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2241-1
CVE-2014-3153
CVE-2014-0155
CVE-2014-2568
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24852
 
Oval ID: oval:org.mitre.oval:def:24852
Title: USN-2233-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2233-1
CVE-2014-3153
CVE-2013-4387
CVE-2013-4470
CVE-2013-4483
CVE-2014-1438
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24853
 
Oval ID: oval:org.mitre.oval:def:24853
Title: USN-2223-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2223-1
CVE-2014-1738
CVE-2014-1737
CVE-2013-4483
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-2309
CVE-2014-2523
CVE-2014-2672
CVE-2014-2678
CVE-2014-2706
CVE-2014-2851
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24860
 
Oval ID: oval:org.mitre.oval:def:24860
Title: USN-2236-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2236-1
CVE-2014-3153
CVE-2014-0055
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25161
 
Oval ID: oval:org.mitre.oval:def:25161
Title: USN-2260-1 -- linux-lts-trusty vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2260-1
CVE-2014-0196
CVE-2014-3153
CVE-2014-1738
CVE-2014-1737
CVE-2014-0077
CVE-2014-2568
CVE-2014-2851
CVE-2014-3122
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25408
 
Oval ID: oval:org.mitre.oval:def:25408
Title: SUSE-SU-2014:0696-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up update to fix security and non-security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0696-1
CVE-2013-4470
CVE-2013-4579
CVE-2013-6382
CVE-2013-6885
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7339
CVE-2014-0069
CVE-2014-0101
CVE-2014-0196
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1737
CVE-2014-1738
CVE-2014-1874
CVE-2014-2039
CVE-2014-2523
CVE-2014-2678
CVE-2014-3122
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25927
 
Oval ID: oval:org.mitre.oval:def:25927
Title: USN-2354-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2354-1
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26081
 
Oval ID: oval:org.mitre.oval:def:26081
Title: USN-2333-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2333-1
CVE-2014-0203
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4667
CVE-2014-5077
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26133
 
Oval ID: oval:org.mitre.oval:def:26133
Title: USN-2318-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2318-1
CVE-2014-5207
CVE-2014-5206
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26346
 
Oval ID: oval:org.mitre.oval:def:26346
Title: USN-2335-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2335-1
CVE-2014-3917
CVE-2014-4027
CVE-2014-4171
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4667
CVE-2014-5077
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26533
 
Oval ID: oval:org.mitre.oval:def:26533
Title: USN-2317-1 -- linux-lts-trusty vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2317-1
CVE-2014-5207
CVE-2014-5206
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26618
 
Oval ID: oval:org.mitre.oval:def:26618
Title: USN-2355-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2355-1
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26623
 
Oval ID: oval:org.mitre.oval:def:26623
Title: USN-2357-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2357-1
CVE-2014-3601
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26630
 
Oval ID: oval:org.mitre.oval:def:26630
Title: USN-2358-1 -- linux-lts-trusty vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2358-1
CVE-2014-3601
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26732
 
Oval ID: oval:org.mitre.oval:def:26732
Title: USN-2334-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2334-1
CVE-2014-3917
CVE-2014-4027
CVE-2014-4171
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4667
CVE-2014-5077
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26736
 
Oval ID: oval:org.mitre.oval:def:26736
Title: USN-2359-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2359-1
CVE-2014-3601
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26751
 
Oval ID: oval:org.mitre.oval:def:26751
Title: USN-2332-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2332-1
CVE-2014-0203
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4667
CVE-2014-5077
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26779
 
Oval ID: oval:org.mitre.oval:def:26779
Title: USN-2356-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2356-1
CVE-2014-3601
CVE-2014-5471
CVE-2014-5472
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26905
 
Oval ID: oval:org.mitre.oval:def:26905
Title: ELSA-2014-1281 -- kernel security and bug fix update (Moderate)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. (CVE-2014-3917, Moderate) This update also fixes the following bugs: * A bug in the mtip32xx driver could prevent the Micron P420m PCIe SSD devices with unaligned I/O access from completing the submitted I/O requests. This resulted in a livelock situation and rendered the Micron P420m PCIe SSD devices unusable. To fix this problem, mtip32xx now checks whether an I/O access is unaligned and if so, it uses the correct semaphore. (BZ#1125776) * A series of patches has been backported to improve the functionality of a touch pad on the latest Lenovo laptops in Red Hat Enterprise Linux 7. (BZ#1122559) * Due to a bug in the bnx2x driver, a network adapter could be unable to recover from EEH error injection. The network adapter had to be taken offline and rebooted in order to function properly again. With this update, the bnx2x driver has been corrected and network adapters now recover from EEH errors as expected. (BZ#1107722) * Previously, if an hrtimer interrupt was delayed, all future pending hrtimer events that were queued on the same processor were also delayed until the initial hrtimer event was handled. This could cause all hrtimer processing to stop for a significant period of time. To prevent this problem, the kernel has been modified to handle all expired hrtimer events when handling the initially delayed hrtimer event. (BZ#1113175) * A previous change to the nouveau driver introduced a bit shift error, which resulted in a wrong display resolution being set with some models of NVIDIA controllers. With this update, the erroneous code has been corrected, and the affected NVIDIA controllers can now set the correct display resolution. (BZ#1114869) * Due to a NULL pointer dereference bug in the be2net driver, the system could experience a kernel oops and reboot when disabling a network adapter after a permanent failure. This problem has been fixed by introducing a flag to keep track of the setup state. The failing adapter can now be disabled successfully without a kernel crash. (BZ#1122558) * Previously, the Huge Translation Lookaside Buffer (HugeTLB) allowed access to huge pages access by default. However, huge pages may be unsupported in some environments, such as a KVM guest on a PowerPC architecture, and an attempt to access a huge page in memory would result in a kernel oops. This update ensures that HugeTLB denies access to huge pages if the huge pages are not supported on the system. (BZ#1122115) * If an NVMe device becomes ready but fails to create I/O queues, the nvme driver creates a character device handle to manage such a device. Previously, a character device could be created before a device reference counter was initialized, which resulted in a kernel oops. This problem has been fixed by calling the relevant initialization function earlier in the code. (BZ#1119720) * On some firmware versions of the BladeEngine 3 (BE3) controller, interrupts remain disabled after a hardware reset. This was a problem for all Emulex-based network adapters using such a BE3 controller because these adapters would fail to recover from an EEH error if it occurred. To resolve this problem, the be2net driver has been modified to enable the interrupts in the eeh_resume handler explicitly. (BZ#1121712) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1281
CVE-2014-3917
CVE-2014-4943
CVE-2014-3534
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27086
 
Oval ID: oval:org.mitre.oval:def:27086
Title: RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1392-01
CVE-2013-2596
CVE-2013-4483
CVE-2014-0181
CVE-2014-3122
CVE-2014-3601
CVE-2014-4608
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-5045
CVE-2014-5077
CESA-2014:1392
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27155
 
Oval ID: oval:org.mitre.oval:def:27155
Title: USN-2374-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2374-1
CVE-2014-3184
CVE-2014-3185
CVE-2014-6410
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27182
 
Oval ID: oval:org.mitre.oval:def:27182
Title: USN-2375-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2375-1
CVE-2014-3184
CVE-2014-3185
CVE-2014-6410
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27236
 
Oval ID: oval:org.mitre.oval:def:27236
Title: ELSA-2014-3084 -- Unbreakable Enterprise kernel Security update (important)
Description: kernel-uek [3.8.13-44.1.4.el7uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849334] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849317] {CVE-2014-3181} - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906300] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19906267] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905686] {CVE-2014-3611}
Family: unix Class: patch
Reference(s): ELSA-2014-3084
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646
CVE-2014-3185
CVE-2014-3181
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27243
 
Oval ID: oval:org.mitre.oval:def:27243
Title: ELSA-2014-3085 -- Unbreakable Enterprise kernel Security update (important)
Description: [2.6.39-400.215.12] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849335] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849318] {CVE-2014-3181} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905687] {CVE-2014-3611}
Family: unix Class: patch
Reference(s): ELSA-2014-3085
CVE-2014-3611
CVE-2014-3185
CVE-2014-3181
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27522
 
Oval ID: oval:org.mitre.oval:def:27522
Title: ELSA-2014-1843 -- kernel security and bug fix update (important)
Description: [2.6.32-504.1.3] - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.1.2] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} [2.6.32-504.1.1] - [fs] call d_op->d_hash on last component of umount path (Abhijith Das) [1145193 1129712] - [usb] serial: memory corruption flaw (Jacob Tanenbaum) [1141401 1141402] {CVE-2014-3185} - [char] ipmi: Clear drvdata when interface is removed (Tony Camuso) [1149578 1135910] - [char] ipmi: init shadow_ipmi_smi_handlers early in ipmi_si_intf (Tony Camuso) [1149580 1139464] - [net] ipsec: update MAX_AH_AUTH_LEN to support sha512 (Herbert Xu) [1149083 1140103] - [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [netdrv] virtio-net: fix big buffer receiving (Jason Wang) [1148693 1144073] - [netdrv] tg3: prevent ifup/ifdown during PCI error recovery (Ivan Vecera) [1142570 1117009]
Family: unix Class: patch
Reference(s): ELSA-2014-1843
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646
CVE-2014-3185
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27543
 
Oval ID: oval:org.mitre.oval:def:27543
Title: USN-2415-1 -- Linux kernel vulnerability
Description: Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability).
Family: unix Class: patch
Reference(s): USN-2415-1
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27668
 
Oval ID: oval:org.mitre.oval:def:27668
Title: ELSA-2014-3105 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.12] - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3184} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192545] {CVE-2014-4652} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192451] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192420] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192379] {CVE-2014-4656} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192060] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3105
CVE-2014-3184
CVE-2014-3688
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27719
 
Oval ID: oval:org.mitre.oval:def:27719
Title: SUSE-SU-2014:1316-1 -- Security update for Linux kernel (important)
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1316-1
CVE-2013-1979
CVE-2014-1739
CVE-2014-2706
CVE-2014-4027
CVE-2014-4171
CVE-2014-4508
CVE-2014-4667
CVE-2014-4943
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
CVE-2014-3153
CVE-2014-6410
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27756
 
Oval ID: oval:org.mitre.oval:def:27756
Title: USN-2418-1 -- Linux kernel (OMAP4) vulnerabilities
Description: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3647">CVE-2014-3647</a>) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3646">CVE-2014-3646</a>) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3645">CVE-2014-3645</a>) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3611">CVE-2014-3611</a>) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3610">CVE-2014-3610</a>) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3673">CVE-2014-3673</a>) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3687">CVE-2014-3687</a>) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3688">CVE-2014-3688</a>) A flaw was discovered in how the Linux kernel&#39;s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3690">CVE-2014-3690</a>) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) It was discovered the Linux kernel&#39;s implementation of IPv6 did not properly validate arguments in the ipv6_select_ident function. A local user could exploit this flaw to cause a denial of service (system crash) by leveraging tun or macvtap device access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7207">CVE-2014-7207</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2418-1
CVE-2014-3647
CVE-2014-3646
CVE-2014-3645
CVE-2014-3611
CVE-2014-3610
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-3690
CVE-2014-4608
CVE-2014-7207
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28026
 
Oval ID: oval:org.mitre.oval:def:28026
Title: USN-2419-1 -- Linux kernel (Trusty HWE) vulnerabilities
Description: A flaw was discovered in how the Linux kernel&#39;s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3690">CVE-2014-3690</a>) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7970">CVE-2014-7970</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2419-1
CVE-2014-3690
CVE-2014-4608
CVE-2014-7970
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28090
 
Oval ID: oval:org.mitre.oval:def:28090
Title: RHSA-2014:1724 -- kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * A race condition flaw was found in the way the Linux kernel&#39;s KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel&#39;s Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel&#39;s KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel&#39;s Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. Bug fixes: * A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548) * When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715) * The kernel could fail to bring a CPU online if the hardware supported both, the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded in the intel_pstate module is loaded. (BZ#1134716) * Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717) * The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. (BZ#1138733) * A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again process files bigger than 2 GB as expected. (BZ#1139126) * Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300) * Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1724
CESA-2014:1724
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646
CVE-2014-4653
CVE-2014-5077
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28126
 
Oval ID: oval:org.mitre.oval:def:28126
Title: SUSE-SU-2014:1319-1 -- Security update for Linux kernel (important)
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1319-1
CVE-2013-1979
CVE-2014-1739
CVE-2014-2706
CVE-2014-4027
CVE-2014-4171
CVE-2014-4508
CVE-2014-4667
CVE-2014-4943
CVE-2014-5077
CVE-2014-5471
CVE-2014-5472
CVE-2014-3153
CVE-2014-6410
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28298
 
Oval ID: oval:org.mitre.oval:def:28298
Title: USN-2421-1 -- Linux kernel vulnerabilities
Description: A flaw was discovered in how the Linux kernel&#39;s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3690">CVE-2014-3690</a>) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2421-1
CVE-2014-3690
CVE-2014-4608
CVE-2014-7975
Version: 5
Platform(s): Ubuntu 14.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28305
 
Oval ID: oval:org.mitre.oval:def:28305
Title: ELSA-2014-3103 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [3.8.13-55.1.1] - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192516] {CVE-2014-4027} - HID: logitech: perform bounds checking on device_id early enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192367] {CVE-2014-4656} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3103
CVE-2014-3182
CVE-2014-3186
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): kernel-uek
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28348
 
Oval ID: oval:org.mitre.oval:def:28348
Title: USN-2416-1 -- Linux kernel (EC2) vulnerabilities
Description: Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2416-1
CVE-2014-4608
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28399
 
Oval ID: oval:org.mitre.oval:def:28399
Title: RHSA-2014:1971 -- kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel&#39;s SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel&#39;s SCTP implementation handled the association&#39;s output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A flaw was found in the way the Linux kernel&#39;s keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate) * Multiple flaws were found in the way the Linux kernel&#39;s ALSA implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate) * A flaw was found in the way the Linux kernel&#39;s VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When &#39;fs.suid_dumpable&#39; was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel&#39;s UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low) * An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low) * An information leak flaw in the Linux kernel&#39;s ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low)
Family: unix Class: patch
Reference(s): RHSA-2014:1971
CESA-2014:1971
CVE-2013-2929
CVE-2014-1739
CVE-2014-3181
CVE-2014-3182
CVE-2014-3184
CVE-2014-3185
CVE-2014-3186
CVE-2014-3631
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-5045
CVE-2014-6410
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28418
 
Oval ID: oval:org.mitre.oval:def:28418
Title: ELSA-2014-1971 -- kernel security and bug fix update (important)
Description: [3.10.0-123.13.1] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.13.1] - [powerpc] mm: Make sure a local_irq_disable prevent a parallel THP split (Don Zickus) [1151057 1083296] - [powerpc] Implement __get_user_pages_fast() (Don Zickus) [1151057 1083296] - [scsi] vmw_pvscsi: Some improvements in pvscsi driver (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Add support for I/O requests coalescing (Ewan Milne) [1144016 1075090] - [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1144016 1075090] [3.10.0-123.12.1] - [alsa] control: Make sure that id->index does not overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Handle numid overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656} - [alsa] control: Protect user controls against concurrent access (Jaroslav Kysela) [1117338 1117339] {CVE-2014-4652} - [alsa] control: Fix replacing user controls (Jaroslav Kysela) [1117323 1117324] {CVE-2014-4654 CVE-2014-4655} - [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155750 1152755] {CVE-2014-3688} - [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155737 1152755] {CVE-2014-3687} - [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147856 1152755] {CVE-2014-3673} - [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147856 1152755] [1155737 1152755] [1155750 1152755] - [pci] Add ACS quirk for Intel 10G NICs (Alex Williamson) [1156447 1141399] - [pci] Add ACS quirk for Solarflare SFC9120 & SFC9140 (Alex Williamson) [1158316 1131552] - [lib] assoc_array: Fix termination condition in assoc array garbage collection (David Howells) [1155136 1139431] {CVE-2014-3631} - [block] cfq-iosched: Add comments on update timing of weight (Vivek Goyal) [1152874 1116126] - [block] cfq-iosched: Fix wrong children_weight calculation (Vivek Goyal) [1152874 1116126] - [powerpc] mm: Check paca psize is up to date for huge mappings (Gustavo Duarte) [1151927 1107337] - [x86] perf/intel: ignore CondChgd bit to avoid false NMI handling (Don Zickus) [1146819 1110264] - [x86] smpboot: initialize secondary CPU only if master CPU will wait for it (Phillip Lougher) [1144295 968147] - [x86] smpboot: Log error on secondary CPU wakeup failure at ERR level (Igor Mammedov) [1144295 968147] - [x86] smpboot: Fix list/memory corruption on CPU hotplug (Igor Mammedov) [1144295 968147] - [acpi] processor: do not mark present at boot but not onlined CPU as onlined (Igor Mammedov) [1144295 968147] - [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142321 1142322] {CVE-2014-6410} - [hid] picolcd: fix memory corruption via OOB write (Jacob Tanenbaum) [1141408 1141409] {CVE-2014-3186} - [usb] serial/whiteheat: fix memory corruption flaw (Jacob Tanenbaum) [1141403 1141404] {CVE-2014-3185} - [hid] fix off by one error in various _report_fixup routines (Jacob Tanenbaum) [1141393 1141394] {CVE-2014-3184} - [hid] logitech-dj: fix OOB array access (Jacob Tanenbaum) [1141211 1141212] {CVE-2014-3182} - [hid] fix OOB write in magicmouse driver (Jacob Tanenbaum) [1141176 1141177] {CVE-2014-3181} - [acpi] Fix bug when ACPI reset register is implemented in system memory (Nigel Croxon) [1136525 1109971] - [fs] vfs: fix ref count leak in path_mountpoint() (Ian Kent) [1122481 1122376] {CVE-2014-5045} - [kernel] ptrace: get_dumpable() incorrect tests (Jacob Tanenbaum) [1111605 1111606] {CVE-2013-2929} - [media] media-device: fix an information leakage (Jacob Tanenbaum) [1109776 1109777] {CVE-2014-1739} - [target] rd: Refactor rd_build_device_space + rd_release_device_space (Denys Vlasenko) [1108754 1108755] {CVE-2014-4027} - [block] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t (Vivek Goyal) [1158313 1118436] - [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611} - [virt] kvm/vmx: handle invept and invvpid vm exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646} [3.10.0-123.11.1] - [net] fix UDP tunnel GSO of frag_list GRO packets (Phillip Lougher) [1149661 1119392] [3.10.0-123.10.1] - [pci] hotplug: Prevent NULL dereference during pciehp probe (Myron Stowe) [1142393 1133107] - [kernel] workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (Tomas Henzl) [1151314 1131563]
Family: unix Class: patch
Reference(s): ELSA-2014-1971
CVE-2013-2929
CVE-2014-4654
CVE-2014-4655
CVE-2014-5045
CVE-2014-3185
CVE-2014-3181
CVE-2014-3687
CVE-2014-3673
CVE-2014-3184
CVE-2014-1739
CVE-2014-3182
CVE-2014-3186
CVE-2014-3631
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28423
 
Oval ID: oval:org.mitre.oval:def:28423
Title: USN-2417-1 -- Linux kernel vulnerabilities
Description: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3647">CVE-2014-3647</a>) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3646">CVE-2014-3646</a>) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3645">CVE-2014-3645</a>) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3611">CVE-2014-3611</a>) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3610">CVE-2014-3610</a>) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3673">CVE-2014-3673</a>) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3687">CVE-2014-3687</a>) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3688">CVE-2014-3688</a>) A flaw was discovered in how the Linux kernel&#39;s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3690">CVE-2014-3690</a>) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) It was discovered the Linux kernel&#39;s implementation of IPv6 did not properly validate arguments in the ipv6_select_ident function. A local user could exploit this flaw to cause a denial of service (system crash) by leveraging tun or macvtap device access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7207">CVE-2014-7207</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2417-1
CVE-2014-3647
CVE-2014-3646
CVE-2014-3645
CVE-2014-3611
CVE-2014-3610
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-3690
CVE-2014-4608
CVE-2014-7207
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28454
 
Oval ID: oval:org.mitre.oval:def:28454
Title: USN-2420-1 -- Linux kernel vulnerabilities
Description: A flaw was discovered in how the Linux kernel&#39;s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3690">CVE-2014-3690</a>) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4608">CVE-2014-4608</a>) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7970">CVE-2014-7970</a>) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7975">CVE-2014-7975</a>)
Family: unix Class: patch
Reference(s): USN-2420-1
CVE-2014-3690
CVE-2014-4608
CVE-2014-7970
CVE-2014-7975
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28482
 
Oval ID: oval:org.mitre.oval:def:28482
Title: ELSA-2014-3104 -- Unbreakable Enterprise kernel security update (important)
Description: [2.6.39-400.215.14] - HID: magicmouse: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 19849355] {CVE-2014-3181} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192542] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192517] {CVE-2014-4027} - media-device: fix infoleak in ioctl media_enum_entities() (Salva Peiro) [Orabug: 20192501] {CVE-2014-1739} {CVE-2014-1739} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192449] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192418] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192376] {CVE-2014-465} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192205] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192059] {CVE-2014-3688}
Family: unix Class: patch
Reference(s): ELSA-2014-3104
CVE-2014-3181
CVE-2014-1739
CVE-2014-3186
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Hardware 1
Os 6
Os 1
Os 2150
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-10-27 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL74413297.nasl - Type : ACT_GATHER_INFO
2017-08-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170801_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2077.nasl - Type : ACT_GATHER_INFO
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2016-06-20 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL41739114.nasl - Type : ACT_GATHER_INFO
2015-08-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150722_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote Debian host is missing a security update.
File : debian_DLA-246.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1105-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0068-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0652-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO
2015-04-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0803.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0040.nasl - Type : ACT_GATHER_INFO
2015-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0782.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-103.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-118.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-3012.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0034.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0695.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0674.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2015-03-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0674.nasl - Type : ACT_GATHER_INFO
2015-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0674.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0284.nasl - Type : ACT_GATHER_INFO
2015-01-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0102.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150128_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141202.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141217.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-791.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-793.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3106.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3107.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3108.nasl - Type : ACT_GATHER_INFO
2014-12-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-18 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141216_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15912.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1997.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3103.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3104.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3105.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3096.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-230.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2415-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2416-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2417-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2419-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2420-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2421-1.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15852.nasl - Type : ACT_GATHER_INFO
2014-11-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1872.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1668.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1763.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3086.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141028_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12955.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3084.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3085.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-201.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13045.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3081.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3082.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3083.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13020.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-417.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2374-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2375-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2376-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2378-1.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2379-1.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1318.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11008.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2354-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2355-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2356-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2358-1.nasl - Type : ACT_GATHER_INFO
2014-09-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2359-1.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-10312.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11097.nasl - Type : ACT_GATHER_INFO
2014-09-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-11031.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2332-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2333-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2334-1.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9959.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1083.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9449.nasl - Type : ACT_GATHER_INFO
2014-08-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2317-1.nasl - Type : ACT_GATHER_INFO
2014-08-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2318-1.nasl - Type : ACT_GATHER_INFO
2014-08-17 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9466.nasl - Type : ACT_GATHER_INFO
2014-08-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9142.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9010.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2992.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0557.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-451.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2260-1.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-441.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2233-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2234-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2235-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2239-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2240-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2241-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2223-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2224-1.nasl - Type : ACT_GATHER_INFO
2014-05-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6354.nasl - Type : ACT_GATHER_INFO
2014-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2926.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6122.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-10-23 13:25:00
  • Multiple Updates
2014-10-21 13:23:56
  • First insertion