Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Linux kernel (Quantal HWE) regression
Information
Name: USN-1704-2
First vendor Publication: 2013-02-01
Vendor: Ubuntu
Last vendor Modification: 2013-02-01
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Base Score: 4.9
CVSS Impact Score: 6.9
CVSS Exploit Score: 3.9
Attack Range: Local
Attack Complexity: Low
Authentication: None Required

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

USN-1704-1 introduced a regression in the Linux kernel.

Software Description:
- linux-lts-quantal: Linux hardware enablement kernel from Quantal

Details:

USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, inotify/fanotify stopped working after upgrading. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
unprivileged user could exploit this flaw to read kernel stack memory.
(CVE-2012-0957)

Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
userspace, without the XSAVE feature an unprivileged local attacker could
exploit this flaw to crash the system. (CVE-2012-4461)

Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem
that can expose stale data. An unprivileged user could exploit this flaw to
cause an information leak. (CVE-2012-4508)

A flaw was discovered in the Linux kernel's handling of script execution
when module loading is enabled. A local attacker could exploit this flaw to
cause a leak of kernel stack contents. (CVE-2012-4530)

Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
congestion control algorithm. A local attacker could use this to cause a
denial of service. (CVE-2012-4565)

A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system. (CVE-2012-5517)

Florian Weimer discovered that hypervkvpd, which is distributed in the
Linux kernel, was not correctly validating source addresses of netlink
packets. An untrusted local user can cause a denial of service by causing
hypervkvpd to exit. (CVE-2012-5532)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
linux-image-3.5.0-23-generic 3.5.0-23.35~precise1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
http://www.ubuntu.com/usn/usn-1704-2
http://www.ubuntu.com/usn/usn-1704-1
https://launchpad.net/bugs/1101666

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-23.35~precise1

Original Source

Url : http://www.ubuntu.com/usn/USN-1704-2

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-362 Race Condition
25 % CWE-200 Information Exposure
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)
25 % CWE-16 Configuration

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:17314
Title: USN-1699-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1699-1
CVE-2012-4461
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:17337
Title: USN-1696-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1696-1
CVE-2012-4461
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:17491
Title: USN-1678-1 -- linux-lts-backport-oneiric vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1678-1
CVE-2012-5517
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux-lts-backport-oneiric
 
Oval ID: oval:org.mitre.oval:def:17680
Title: USN-1698-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1698-1
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:17779
Title: USN-1700-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1700-1
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:17829
Title: USN-1650-1 -- linux vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1650-1
CVE-2012-4565
Version: 7
Platform(s): Ubuntu 8.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:17858
Title: USN-1700-2 -- linux-ti-omap4 regression
Description: USN-1700-1 introduced a regression in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1700-2
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:17881
Title: USN-1670-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1670-1
CVE-2012-5517
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:17884
Title: USN-1688-1 -- linux-lts-backport-oneiric vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1688-1
CVE-2012-4461
CVE-2012-4530
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux-lts-backport-oneiric
 
Oval ID: oval:org.mitre.oval:def:17892
Title: USN-1669-1 -- linux vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1669-1
CVE-2012-5517
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:17894
Title: USN-1696-2 -- linux regression
Description: USN-1696-1 introduced a regression in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1696-2
CVE-2012-4461
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:17933
Title: USN-1691-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to leak data on the kernel stack.
Family: unix Class: patch
Reference(s): USN-1691-1
CVE-2012-4530
Version: 7
Platform(s): Ubuntu 11.10
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:18011
Title: USN-1698-2 -- linux-ti-omap4 regression
Description: USN-1698-1 introduced a regression in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1698-2
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:18036
Title: USN-1704-2 -- linux-lts-quantal - Linux kernel hardware enablement from Quantal regression
Description: USN-1704-1 introduced a regression in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1704-2
CVE-2012-0957
CVE-2012-4461
CVE-2012-4508
CVE-2012-4530
CVE-2012-4565
CVE-2012-5517
CVE-2012-5532
Version: 8
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
 
Oval ID: oval:org.mitre.oval:def:18072
Title: USN-1684-1 -- linux-ec2 vulnerability
Description: The system could be made to leak sensitive system information.
Family: unix Class: patch
Reference(s): USN-1684-1
CVE-2012-4530
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
 
Oval ID: oval:org.mitre.oval:def:18073
Title: USN-1679-1 -- linux-ti-omap4 vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1679-1
CVE-2012-5517
Version: 7
Platform(s): Ubuntu 11.10
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:18112
Title: USN-1677-1 -- linux vulnerability
Description: The system could be made to crash under certain conditions.
Family: unix Class: patch
Reference(s): USN-1677-1
CVE-2012-5517
Version: 7
Platform(s): Ubuntu 11.10
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:18124
Title: USN-1699-2 -- linux regression
Description: USN-1699-1 introduced a regression in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1699-2
CVE-2012-4461
CVE-2012-4530
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 12.10
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:18186
Title: USN-1726-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1726-1
CVE-2012-2669
CVE-2012-4508
CVE-2012-5532
Version: 7
Platform(s): Ubuntu 11.10
Product(s): linux-ti-omap4
 
Oval ID: oval:org.mitre.oval:def:18273
Title: USN-1683-1 -- linux vulnerability
Description: The system could be made to leak sensitive system information.
Family: unix Class: patch
Reference(s): USN-1683-1
CVE-2012-4530
Version: 7
Platform(s): Ubuntu 10.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:18283
Title: USN-1689-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1689-1
CVE-2012-4461
CVE-2012-4530
Version: 7
Platform(s): Ubuntu 11.10
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:20699
Title: RHSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)
Description: The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Family: unix Class: patch
Reference(s): RHSA-2012:1580-01
CESA-2012:1580
CVE-2012-2100
CVE-2012-2375
CVE-2012-4444
CVE-2012-4565
CVE-2012-5517
Version: 68
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:20850
Title: RHSA-2013:0223: kernel security and bug fix update (Moderate)
Description: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Family: unix Class: patch
Reference(s): RHSA-2013:0223-01
CESA-2013:0223
CVE-2012-4398
CVE-2012-4461
CVE-2012-4530
Version: 45
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:21185
Title: RHSA-2013:0807: hypervkvpd security and bug fix update (Low)
Description: The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
Family: unix Class: patch
Reference(s): RHSA-2013:0807-00
CESA-2013:0807
CVE-2012-5532
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): hypervkvpd
 
Oval ID: oval:org.mitre.oval:def:23524
Title: ELSA-2013:0807: hypervkvpd security and bug fix update (Low)
Description: The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
Family: unix Class: patch
Reference(s): ELSA-2013:0807-00
CVE-2012-5532
Version: 6
Platform(s): Oracle Linux 5
Product(s): hypervkvpd
 
Oval ID: oval:org.mitre.oval:def:23832
Title: ELSA-2013:0223: kernel security and bug fix update (Moderate)
Description: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Family: unix Class: patch
Reference(s): ELSA-2013:0223-01
CVE-2012-4398
CVE-2012-4461
CVE-2012-4530
Version: 17
Platform(s): Oracle Linux 6
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:23871
Title: ELSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)
Description: The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Family: unix Class: patch
Reference(s): ELSA-2012:1580-01
CVE-2012-2100
CVE-2012-2375
CVE-2012-4444
CVE-2012-4565
CVE-2012-5517
Version: 25
Platform(s): Oracle Linux 6
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:26226
Title: SUSE-SU-2013:0259-1 -- kernel update for SLE11 SP2
Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0259-1
CVE-2012-4565
CVE-2012-0957
CVE-2012-4530
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): SLE11 SP2
 
Oval ID: oval:org.mitre.oval:def:26824
Title: DEPRECATED: ELSA-2013-0223 -- kernel security and bug fix update (moderate)
Description: [2.6.32-279.22.1] - [virt] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set (Petr Matousek) [862903 862904] {CVE-2012-4461} - [fs] fuse: optimize __fuse_direct_io() (Brian Foster) [865305 858850] - [fs] fuse: optimize fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] fuse: use get_user_pages_fast() (Brian Foster) [865305 858850] - [fs] fuse: pass iov[] to fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] mm: minor cleanup of iov_iter_single_seg_count() (Brian Foster) [865305 858850] - [fs] fuse: use req->page_descs[] for argpages cases (Brian Foster) [865305 858850] to fuse_req (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_do_ioctl() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_perform_write() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_readpages() (Brian Foster) [865305 858850] - [fs] fuse: categorize fuse_get_req() (Brian Foster) [865305 858850] - [fs] fuse: general infrastructure for pages[] of variable size (Brian Foster) [865305 858850] - [fs] exec: do not leave bprm->interp on stack (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [fs] exec: use -ELOOP for max recursion depth (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [scsi] have scsi_internal_device_unblock take new state (Frantisek Hrbata) [878774 854140] - [scsi] add new SDEV_TRANSPORT_OFFLINE state (Chris Leech) [878774 854140] - [kernel] cpu: fix cpu_chain section mismatch (Frederic Weisbecker) [876090 852148] - [kernel] sched: Don't modify cpusets during suspend/resume (Frederic Weisbecker) [876090 852148] - [kernel] sched, cpuset: Drop __cpuexit from cpu hotplug callbacks (Frederic Weisbecker) [876090 852148] - [kernel] sched: adjust when cpu_active and cpuset configurations are updated during cpu on/offlining (Frantisek Hrbata) [876090 852148] - [kernel] cpu: return better errno on cpu hotplug failure (Frederic Weisbecker) [876090 852148] - [kernel] cpu: introduce cpu_notify(), __cpu_notify(), cpu_notify_nofail() 
(Frederic Weisbecker) [876090 852148] - [fs] nfs: Properly handle the case where the delegation is revoked (Steve Dickson) [846840 842435] - [fs] nfs: Move cl_delegations to the nfs_server struct (Steve Dickson) [846840 842435] - [fs] nfs: Introduce nfs_detach_delegations() (Steve Dickson) [846840 842435] - [fs] nfs: Fix a number of RCU issues in the NFSv4 delegation code (Steve Dickson) [846840 842435]
Family: unix Class: patch
Reference(s): ELSA-2013-0223
CVE-2012-4398
CVE-2012-4461
CVE-2012-4530
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:26913
Title: ELSA-2012-2047 -- Unbreakable Enterprise kernel security update (moderate)
Description: [2.6.39-300.17.3] - mm/hotplug: correctly add new zone to all other nodes zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375}
Family: unix Class: patch
Reference(s): ELSA-2012-2047
CVE-2012-2375
CVE-2012-4565
CVE-2012-5517
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
 
Oval ID: oval:org.mitre.oval:def:27059
Title: DEPRECATED: ELSA-2013-0807 -- hypervkvpd security and bug fix update (low)
Description: [0-0.7.0.1.el5_9.3] - Add support for oracle os [0-0.7.3] - Fix for one more file descriptor leak (rhbz#953502) [0-0.7.2] - Validate Netlink source address (CVE-2012-5532) (rhbz#953560) [0-0.7.1] - Fix for file descriptor leak (rhbz#953502)
Family: unix Class: patch
Reference(s): ELSA-2013-0807
CVE-2012-5532
Version: 4
Platform(s): Oracle Linux 5
Product(s): hypervkvpd
 
Oval ID: oval:org.mitre.oval:def:27629
Title: ELSA-2012-2048 -- Unbreakable Enterprise kernel security update (moderate)
Description: [2.6.32-300.39.2] - ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang) [orabug 16020245] {CVE-2012-2100} - Divide by zero in TCP congestion control Algorithm (Jesper Dangaard Brouer) [orabug 16020447] {CVE-2012-4565} - ipv6: discard overlapping fragment (Luis Henriques) [orabug 16021354] {CVE-2012-4444}
Family: unix Class: patch
Reference(s): ELSA-2012-2048
CVE-2012-2100
CVE-2012-4444
CVE-2012-4565
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
 
Oval ID: oval:org.mitre.oval:def:27678
Title: DEPRECATED: ELSA-2012-1580 -- kernel security, bug fix and enhancement update (moderate)
Description: [2.6.32-279.19.1.el6] - [drm] i915: dont clobber the pipe param in sanitize_modesetting (Frantisek Hrbata) [876549 857792] - [drm] i915: Sanitize BIOS debugging bits from PIPECONF (Frantisek Hrbata) [876549 857792] - [net] fix divide by zero in tcp algorithm illinois (Flavio Leitner) [871920 866514] {CVE-2012-4565} - [fs] xfs: fix reading of wrapped log data (Dave Chinner) [876499 874322] - [x86] mm: fix signedness issue in mmap_rnd() (Petr Matousek) [876496 875036] - [net] WARN if struct ip_options was allocated directly by kmalloc (Jiri Pirko) [877950 872799] - [fs] block_dev: Fix crash when block device is read and block size is changed at the same time (Frantisek Hrbata) [864826 855906] - [mm] tracing: Move include of trace/events/kmem.h out of header into slab.c (Jeff Moyer) [864826 855906] - [mm] slab: Move kmalloc tracepoint out of inline code (Jeff Moyer) [864826 855906] - [netdrv] bnx2x: organize BDs calculation for stop/resume (Frantisek Hrbata) [874022 819842] - [netdrv] bnx2x: fix panic when TX ring is full (Michal Schmidt) [874022 819842]
Family: unix Class: patch
Reference(s): ELSA-2012-1580
CVE-2012-2100
CVE-2012-2375
CVE-2012-4444
CVE-2012-4565
CVE-2012-5517
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 1802

OpenVAS Exploits

Date Description
2012-12-26 Name : CentOS Update for kernel CESA-2012:1580 centos6
File : nvt/gb_CESA-2012_1580_kernel_centos6.nasl
2012-12-26 Name : Ubuntu Update for linux-ti-omap4 USN-1679-1
File : nvt/gb_ubuntu_USN_1679_1.nasl
2012-12-26 Name : Ubuntu Update for linux-lts-backport-oneiric USN-1678-1
File : nvt/gb_ubuntu_USN_1678_1.nasl
2012-12-26 Name : Ubuntu Update for linux USN-1677-1
File : nvt/gb_ubuntu_USN_1677_1.nasl
2012-12-26 Name : Ubuntu Update for linux-ti-omap4 USN-1673-1
File : nvt/gb_ubuntu_USN_1673_1.nasl
2012-12-26 Name : Ubuntu Update for linux USN-1671-1
File : nvt/gb_ubuntu_USN_1671_1.nasl
2012-12-26 Name : Ubuntu Update for linux-ti-omap4 USN-1670-1
File : nvt/gb_ubuntu_USN_1670_1.nasl
2012-12-26 Name : Ubuntu Update for linux USN-1669-1
File : nvt/gb_ubuntu_USN_1669_1.nasl
2012-12-26 Name : RedHat Update for kernel RHSA-2012:1580-01
File : nvt/gb_RHSA-2012_1580-01_kernel.nasl
2012-12-18 Name : Fedora Update for kernel FEDORA-2012-20240
File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl
2012-12-06 Name : CentOS Update for kernel CESA-2012:1540 centos5
File : nvt/gb_CESA-2012_1540_kernel_centos5.nasl
2012-12-06 Name : RedHat Update for kernel RHSA-2012:1540-01
File : nvt/gb_RHSA-2012_1540-01_kernel.nasl
2012-12-06 Name : Ubuntu Update for linux-ec2 USN-1653-1
File : nvt/gb_ubuntu_USN_1653_1.nasl
2012-12-04 Name : Ubuntu Update for linux USN-1651-1
File : nvt/gb_ubuntu_USN_1651_1.nasl
2012-12-04 Name : Ubuntu Update for linux-lts-backport-oneiric USN-1652-1
File : nvt/gb_ubuntu_USN_1652_1.nasl
2012-12-04 Name : Ubuntu Update for linux USN-1650-1
File : nvt/gb_ubuntu_USN_1650_1.nasl
2012-12-04 Name : Ubuntu Update for linux-ti-omap4 USN-1649-1
File : nvt/gb_ubuntu_USN_1649_1.nasl
2012-12-04 Name : Ubuntu Update for linux USN-1648-1
File : nvt/gb_ubuntu_USN_1648_1.nasl
2012-12-04 Name : Ubuntu Update for linux-ti-omap4 USN-1647-1
File : nvt/gb_ubuntu_USN_1647_1.nasl
2012-12-04 Name : Ubuntu Update for linux USN-1646-1
File : nvt/gb_ubuntu_USN_1646_1.nasl
2012-12-04 Name : Ubuntu Update for linux-ti-omap4 USN-1645-1
File : nvt/gb_ubuntu_USN_1645_1.nasl
2012-12-04 Name : Ubuntu Update for linux USN-1644-1
File : nvt/gb_ubuntu_USN_1644_1.nasl
2012-12-04 Name : Fedora Update for kernel FEDORA-2012-19337
File : nvt/gb_fedora_2012_19337_kernel_fc17.nasl
2012-11-29 Name : Fedora Update for kernel FEDORA-2012-18691
File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl
2012-11-23 Name : Fedora Update for kernel FEDORA-2012-18684
File : nvt/gb_fedora_2012_18684_kernel_fc17.nasl
2012-11-06 Name : Fedora Update for kernel FEDORA-2012-17479
File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl
2012-11-06 Name : Fedora Update for kernel FEDORA-2012-17462
File : nvt/gb_fedora_2012_17462_kernel_fc17.nasl
2012-10-29 Name : Fedora Update for kernel FEDORA-2012-16669
File : nvt/gb_fedora_2012_16669_kernel_fc17.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-0674-1.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0008.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0003.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1783.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1519.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0579.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15797.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0566.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1491.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-176.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-148.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-142.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-166.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2048.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2534.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2520.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2507.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2504.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2503.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-0807.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0496.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0223.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2047.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1540.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1540-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-194.nasl - Type : ACT_GATHER_INFO
2013-07-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1900-1.nasl - Type : ACT_GATHER_INFO
2013-07-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1899-1.nasl - Type : ACT_GATHER_INFO
2013-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-176.nasl - Type : ACT_GATHER_INFO
2013-05-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0882.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2668.nasl - Type : ACT_GATHER_INFO
2013-05-14 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-0807.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130509_hypervkvpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0807.nasl - Type : ACT_GATHER_INFO
2013-04-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8518.nasl - Type : ACT_GATHER_INFO
2013-04-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8527.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0496.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0496.nasl - Type : ACT_GATHER_INFO
2013-02-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1726-1.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1719-1.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1720-1.nasl - Type : ACT_GATHER_INFO
2013-02-08 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-130125.nasl - Type : ACT_GATHER_INFO
2013-02-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0223.nasl - Type : ACT_GATHER_INFO
2013-02-07 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130205_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0223.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1704-2.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1696-2.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1699-2.nasl - Type : ACT_GATHER_INFO
2013-02-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1700-2.nasl - Type : ACT_GATHER_INFO
2013-02-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1698-2.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-121203.nasl - Type : ACT_GATHER_INFO
2013-01-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1704-1.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1696-1.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1698-1.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1699-1.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1700-1.nasl - Type : ACT_GATHER_INFO
2013-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1691-1.nasl - Type : ACT_GATHER_INFO
2013-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1689-1.nasl - Type : ACT_GATHER_INFO
2013-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1688-1.nasl - Type : ACT_GATHER_INFO
2013-01-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1683-1.nasl - Type : ACT_GATHER_INFO
2013-01-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1684-1.nasl - Type : ACT_GATHER_INFO
2012-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1677-1.nasl - Type : ACT_GATHER_INFO
2012-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1678-1.nasl - Type : ACT_GATHER_INFO
2012-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1679-1.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121218_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1673-1.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1671-1.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1670-1.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1669-1.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-20240.nasl - Type : ACT_GATHER_INFO
2012-12-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1540.nasl - Type : ACT_GATHER_INFO
2012-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-19804.nasl - Type : ACT_GATHER_INFO
2012-12-07 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121204_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-12-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1653-1.nasl - Type : ACT_GATHER_INFO
2012-12-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1540.nasl - Type : ACT_GATHER_INFO
2012-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2012-19337.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1650-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1652-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1651-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1649-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1648-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1647-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1646-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1645-1.nasl - Type : ACT_GATHER_INFO
2012-12-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1644-1.nasl - Type : ACT_GATHER_INFO
2012-11-29 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18691.nasl - Type : ACT_GATHER_INFO
2012-11-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18740.nasl - Type : ACT_GATHER_INFO
2012-11-23 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18684.nasl - Type : ACT_GATHER_INFO
2012-11-09 Name : The remote Fedora host is missing a security update.
File : fedora_2012-16787.nasl - Type : ACT_GATHER_INFO
2012-11-08 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17413.nasl - Type : ACT_GATHER_INFO
2012-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17479.nasl - Type : ACT_GATHER_INFO
2012-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-17462.nasl - Type : ACT_GATHER_INFO
2012-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2012-16669.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2016-07-22 12:05:45
  • Multiple Updates
2016-06-30 22:38:09
  • Multiple Updates
2014-02-17 12:01:24
  • Multiple Updates
2014-01-15 21:27:31
  • Multiple Updates
2014-01-08 13:23:58
  • Multiple Updates
2013-05-11 00:55:24
  • Multiple Updates
2013-02-18 13:21:45
  • Multiple Updates
2013-02-01 17:20:16
  • Multiple Updates
2013-02-01 17:18:12
  • First insertion