Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Linux kernel (Raring HWE) vulnerabilities
Informations
Name USN-2136-1 First vendor Publication 2014-03-07
Vendor Ubuntu Last vendor Modification 2014-03-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description: - linux-lts-raring: Linux hardware enablement kernel from Raring

Details:

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579)

Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)

Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)

Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)

Lars Bull discovered a flaw in the recalculate_apic_map function of the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2013-6376)

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)

mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)

mpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)

mpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)

mpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)

halfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)

An information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)

Matthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
linux-image-3.8.0-37-generic 3.8.0-37.53~precise1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
http://www.ubuntu.com/usn/usn-2136-1
CVE-2013-4579, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368,
CVE-2013-6376, CVE-2013-6380, CVE-2013-7263, CVE-2013-7264,
CVE-2013-7265, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268,
CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7281,
CVE-2014-1438, CVE-2014-1446, CVE-2014-1874

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-raring/3.8.0-37.53~precise1

Original Source

Url : http://www.ubuntu.com/usn/USN-2136-1

CWE : Common Weakness Enumeration

% Id Name
68 % CWE-20 Improper Input Validation
11 % CWE-189 Numeric Errors (CWE/SANS Top 25)
5 % CWE-399 Resource Management Errors
5 % CWE-310 Cryptographic Issues
5 % CWE-264 Permissions, Privileges, and Access Controls
5 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20899
 
Oval ID: oval:org.mitre.oval:def:20899
Title: RHSA-2013:1801: kernel security, bug fix, and enhancement update (Important)
Description: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Family: unix Class: patch
Reference(s): RHSA-2013:1801-00
CESA-2013:1801
CVE-2013-2141
CVE-2013-4470
CVE-2013-6367
CVE-2013-6368
Version: 61
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22287
 
Oval ID: oval:org.mitre.oval:def:22287
Title: RHSA-2014:0159: kernel security and bug fix update (Important)
Description: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Family: unix Class: patch
Reference(s): RHSA-2014:0159-00
CESA-2014:0159
CVE-2013-2929
CVE-2013-6381
CVE-2013-7263
CVE-2013-7265
Version: 39
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22406
 
Oval ID: oval:org.mitre.oval:def:22406
Title: RHSA-2014:0163: kvm security update (Important)
Description: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Family: unix Class: patch
Reference(s): RHSA-2014:0163-00
CESA-2014:0163
CVE-2013-6367
CVE-2013-6368
Version: 23
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23368
 
Oval ID: oval:org.mitre.oval:def:23368
Title: USN-2116-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2116-1
CVE-2013-2929
CVE-2013-4592
CVE-2013-6378
CVE-2013-6380
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23421
 
Oval ID: oval:org.mitre.oval:def:23421
Title: USN-2110-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2110-1
CVE-2013-2929
CVE-2013-4345
CVE-2013-4587
CVE-2013-6367
CVE-2013-6380
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23441
 
Oval ID: oval:org.mitre.oval:def:23441
Title: USN-2117-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2117-1
CVE-2013-4563
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
CVE-2013-6382
CVE-2013-6432
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23501
 
Oval ID: oval:org.mitre.oval:def:23501
Title: ELSA-2014:0163: kvm security update (Important)
Description: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Family: unix Class: patch
Reference(s): ELSA-2014:0163-00
CVE-2013-6367
CVE-2013-6368
Version: 13
Platform(s): Oracle Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23857
 
Oval ID: oval:org.mitre.oval:def:23857
Title: USN-2107-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2107-1
CVE-2013-6383
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7281
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23863
 
Oval ID: oval:org.mitre.oval:def:23863
Title: ELSA-2014:0285: kernel security, bug fix, and enhancement update (Important)
Description: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
Family: unix Class: patch
Reference(s): ELSA-2014:0285-00
CVE-2013-2929
CVE-2013-4483
CVE-2013-4554
CVE-2013-6381
CVE-2013-6383
CVE-2013-6885
CVE-2013-7263
Version: 12
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23924
 
Oval ID: oval:org.mitre.oval:def:23924
Title: ELSA-2013:1801: kernel security, bug fix, and enhancement update (Important)
Description: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Family: unix Class: patch
Reference(s): ELSA-2013:1801-00
CVE-2013-2141
CVE-2013-4470
CVE-2013-6367
CVE-2013-6368
Version: 21
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23981
 
Oval ID: oval:org.mitre.oval:def:23981
Title: ELSA-2014:0159: kernel security and bug fix update (Important)
Description: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Family: unix Class: patch
Reference(s): ELSA-2014:0159-00
CVE-2013-2929
CVE-2013-6381
CVE-2013-7263
CVE-2013-7265
Version: 21
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24074
 
Oval ID: oval:org.mitre.oval:def:24074
Title: USN-2135-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2135-1
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24102
 
Oval ID: oval:org.mitre.oval:def:24102
Title: USN-2134-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2134-1
CVE-2013-4579
CVE-2013-6368
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24140
 
Oval ID: oval:org.mitre.oval:def:24140
Title: USN-2111-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2111-1
CVE-2013-2929
CVE-2013-4592
CVE-2013-6378
CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24220
 
Oval ID: oval:org.mitre.oval:def:24220
Title: USN-2113-1 -- linux-lts-saucy vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2113-1
CVE-2013-4563
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
CVE-2013-6382
CVE-2013-6432
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24233
 
Oval ID: oval:org.mitre.oval:def:24233
Title: USN-2136-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2136-1
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
CVE-2013-6380
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24254
 
Oval ID: oval:org.mitre.oval:def:24254
Title: RHSA-2014:0285: kernel security, bug fix, and enhancement update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6381, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the Xen hypervisor implementation did not correctly check privileges of hypercall attempts made by HVM guests, allowing hypercalls to be invoked from protection rings 1 and 2 in addition to ring 0. A local attacker in an HVM guest able to execute code on privilege levels 1 and 2 could potentially use this flaw to further escalate their privileges in that guest. Note: Xen HVM guests running unmodified versions of Red Hat Enterprise Linux and Microsoft Windows are not affected by this issue because they are known to only use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554, Moderate) * A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions. (CVE-2013-6383, Moderate) * It was found that, under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on certain AMD CPUs (for more information, refer to AMD CPU erratum 793 linked in the References section). A privileged user in a guest running under the Xen hypervisor could use this flaw to cause a denial of service on the host system. This update adds a workaround to the Xen hypervisor implementation, which mitigates the AMD CPU issue. Note: this issue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885, Moderate) * It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low) * A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter of CVE-2013-4554 and CVE-2013-6885. This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0285-00
CESA-2014:0285
CVE-2013-2929
CVE-2013-4483
CVE-2013-4554
CVE-2013-6381
CVE-2013-6383
CVE-2013-6885
CVE-2013-7263
Version: 21
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24256
 
Oval ID: oval:org.mitre.oval:def:24256
Title: USN-2114-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2114-1
CVE-2013-2929
CVE-2013-4592
CVE-2013-6378
CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24261
 
Oval ID: oval:org.mitre.oval:def:24261
Title: USN-2109-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2109-1
CVE-2013-2929
CVE-2013-4345
CVE-2013-4587
CVE-2013-6367
CVE-2013-6380
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24274
 
Oval ID: oval:org.mitre.oval:def:24274
Title: USN-2108-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2108-1
CVE-2013-6383
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7281
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24316
 
Oval ID: oval:org.mitre.oval:def:24316
Title: USN-2138-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2138-1
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24325
 
Oval ID: oval:org.mitre.oval:def:24325
Title: USN-2128-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2128-1
CVE-2013-0160
CVE-2013-2929
CVE-2013-4587
CVE-2013-6367
CVE-2013-6380
CVE-2013-6382
CVE-2013-7027
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24332
 
Oval ID: oval:org.mitre.oval:def:24332
Title: USN-2115-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2115-1
CVE-2013-2929
CVE-2013-4592
CVE-2013-6378
CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24394
 
Oval ID: oval:org.mitre.oval:def:24394
Title: USN-2139-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2139-1
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24395
 
Oval ID: oval:org.mitre.oval:def:24395
Title: USN-2133-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2133-1
CVE-2013-4579
CVE-2013-6368
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24404
 
Oval ID: oval:org.mitre.oval:def:24404
Title: USN-2141-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2141-1
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24423
 
Oval ID: oval:org.mitre.oval:def:24423
Title: USN-2129-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2129-1
CVE-2013-0160
CVE-2013-2929
CVE-2013-4587
CVE-2013-6367
CVE-2013-6380
CVE-2013-6382
CVE-2013-7027
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24665
 
Oval ID: oval:org.mitre.oval:def:24665
Title: SUSE-SU-2014:0287-1 -- Security update for Linux kernel
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0287-1
CVE-2011-3593
CVE-2012-1601
CVE-2012-2137
CVE-2012-2372
CVE-2012-2745
CVE-2012-3375
CVE-2011-1083
CVE-2012-3412
CVE-2012-3430
CVE-2012-3511
CVE-2012-4444
CVE-2012-4530
CVE-2012-4565
CVE-2012-6537
CVE-2012-6538
CVE-2012-6539
CVE-2012-6540
CVE-2012-6541
CVE-2012-6542
CVE-2012-6544
CVE-2012-6545
CVE-2012-6546
CVE-2012-6547
CVE-2012-6548
CVE-2012-6549
CVE-2013-0160
CVE-2013-0216
CVE-2013-0231
CVE-2013-0268
CVE-2013-0310
CVE-2013-0343
CVE-2013-0349
CVE-2013-0871
CVE-2013-0914
CVE-2013-1767
CVE-2013-1773
CVE-2013-1774
CVE-2013-1792
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
CVE-2013-1827
CVE-2013-1928
CVE-2013-1943
CVE-2013-2015
CVE-2013-2141
CVE-2013-2147
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2634
CVE-2013-2851
CVE-2013-2852
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-2893
CVE-2013-2897
CVE-2013-2929
CVE-2013-3222
CVE-2013-3223
CVE-2013-3224
CVE-2013-3225
CVE-2013-3228
CVE-2013-3229
CVE-2013-3231
CVE-2013-3232
CVE-2013-3234
CVE-2013-3235
CVE-2013-4345
CVE-2013-4470
CVE-2013-4483
CVE-2013-4511
CVE-2013-4587
CVE-2013-4588
CVE-2013-4591
CVE-2013-6367
CVE-2013-6368
CVE-2013-6378
CVE-2013-6383
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24982
 
Oval ID: oval:org.mitre.oval:def:24982
Title: SUSE-SU-2014:0536-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0536-1
CVE-2011-2492
CVE-2011-2494
CVE-2012-6537
CVE-2012-6539
CVE-2012-6540
CVE-2012-6541
CVE-2012-6542
CVE-2012-6544
CVE-2012-6545
CVE-2012-6546
CVE-2012-6547
CVE-2012-6549
CVE-2013-0343
CVE-2013-0914
CVE-2013-1827
CVE-2013-2141
CVE-2013-2164
CVE-2013-2206
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2888
CVE-2013-2893
CVE-2013-2897
CVE-2013-3222
CVE-2013-3223
CVE-2013-3224
CVE-2013-3228
CVE-2013-3229
CVE-2013-3231
CVE-2013-3232
CVE-2013-3234
CVE-2013-3235
CVE-2013-4162
CVE-2013-4387
CVE-2013-4470
CVE-2013-4483
CVE-2013-4588
CVE-2013-6383
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26325
 
Oval ID: oval:org.mitre.oval:def:26325
Title: SUSE-SU-2014:0833-1 -- Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xen
Description: This update for the compat-wireless kernel modules provides many fixes and enhancements.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0833-1
CVE-2014-2672
CVE-2013-4579
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): compat-wireless
compat-wireless-debuginfo
compat-wireless-debugsource
compat-wireless-kmp-default
compat-wireless-kmp-pae
compat-wireless-kmp-trace
compat-wireless-kmp-xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26571
 
Oval ID: oval:org.mitre.oval:def:26571
Title: SUSE-SU-2014:1138-1 -- Security update for the Linux Kernel
Description: The SUSE Linux Enterprise Server 11 SP1 LTSS received a roll up update to fix several security and non-security issues. The following security issues have been fixed: * CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (bnc#806431) * CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (bnc#831058) * CVE-2014-0203: The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. (bnc#883526) * CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257) * CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) * CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724) * CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422) * CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725) * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082) * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173) * CVE-2013-7266: The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7267: The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7268: The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7269: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7270: The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7271: The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) The following bugs have been fixed: * mac80211: Fix AP powersave TX vs. wakeup race (bnc#871797). * tcp: Allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921). * tcp: Adapt selected parts of RFC 5682 and PRR logic (bnc#879921). * flock: Fix allocation and BKL (bnc#882809). * sunrpc: Close a rare race in xs_tcp_setup_socket (bnc#794824, bnc#884530). * isofs: Fix unbounded recursion when processing relocated directories (bnc#892490). * bonding: Fix a race condition on cleanup in bond_send_unsolicited_na() (bnc#856756). * block: Fix race between request completion and timeout handling (bnc#881051). * Fix kABI breakage due to addition of user_ctl_lock (bnc#883795). Security Issues: * CVE-2013-1860 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860> * CVE-2013-4162 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162> * CVE-2013-7266 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266> * CVE-2013-7267 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267> * CVE-2013-7268 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268> * CVE-2013-7269 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269> * CVE-2013-7270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270> * CVE-2013-7271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271> * CVE-2014-0203 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0203> * CVE-2014-3144 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144> * CVE-2014-3145 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145> * CVE-2014-3917 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917> * CVE-2014-4508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508> * CVE-2014-4652 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652> * CVE-2014-4653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653> * CVE-2014-4654 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654> * CVE-2014-4655 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655> * CVE-2014-4656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656> * CVE-2014-4667 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667> * CVE-2014-4699 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699> * CVE-2014-4943 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943> * CVE-2014-5077 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1138-1
CVE-2013-1860
CVE-2013-4162
CVE-2014-0203
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4667
CVE-2014-4699
CVE-2014-4943
CVE-2014-5077
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27042
 
Oval ID: oval:org.mitre.oval:def:27042
Title: ELSA-2014-3042 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.3] - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028380] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028444] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028438] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028416] {CVE-2013-6378}
Family: unix Class: patch
Reference(s): ELSA-2014-3042
CVE-2014-1737
CVE-2014-1738
CVE-2013-6378
CVE-2014-1874
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27242
 
Oval ID: oval:org.mitre.oval:def:27242
Title: ELSA-2014-3010 -- Unbreakable Enterprise kernel security update (important)
Description: [2.6.32-400.34.3] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247290] {CVE-2013-7263} {CVE-2013-7265} [2.6.32-400.34.2] - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18239033] {CVE-2013-2929} {CVE-2013-2929} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18239036] {CVE-2013-7263} {CVE-2013-7265}
Family: unix Class: patch
Reference(s): ELSA-2014-3010
CVE-2013-2929
CVE-2013-7263
CVE-2013-7265
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27250
 
Oval ID: oval:org.mitre.oval:def:27250
Title: ELSA-2014-3043 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.3uek] - fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203} - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378}
Family: unix Class: patch
Reference(s): ELSA-2014-3043
CVE-2014-1737
CVE-2014-1738
CVE-2013-6378
CVE-2014-1874
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27259
 
Oval ID: oval:org.mitre.oval:def:27259
Title: DEPRECATED: ELSA-2013-1801 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.32-431.1.2] - [x86] kvm: fix cross page vapic_addr access (Paolo Bonzini) [1032214 1032215] {CVE-2013-6368} - [x86] kvm: fix division by zero in apic_get_tmcct (Paolo Bonzini) [1032212 1032213] {CVE-2013-6367}
Family: unix Class: patch
Reference(s): ELSA-2013-1801
CVE-2013-2141
CVE-2013-4470
CVE-2013-6367
CVE-2013-6368
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27278
 
Oval ID: oval:org.mitre.oval:def:27278
Title: ELSA-2014-3011 -- Unbreakable Enterprise kernel security update (important)
Description: [3.8.13-26.1.1.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929}
Family: unix Class: patch
Reference(s): ELSA-2014-3011
CVE-2013-2929
CVE-2013-7263
CVE-2013-7265
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27319
 
Oval ID: oval:org.mitre.oval:def:27319
Title: ELSA-2014-3009 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.214.3] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247289] {CVE-2013-7263} {CVE-2013-7265} [2.6.39-400.214.2] - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238382] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238353] {CVE-2013-2929}
Family: unix Class: patch
Reference(s): ELSA-2014-3009
CVE-2013-2929
CVE-2013-7263
CVE-2013-7265
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27343
 
Oval ID: oval:org.mitre.oval:def:27343
Title: ELSA-2013-2589 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.33.4uek] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 17951083] {CVE-2013-2141} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367}
Family: unix Class: patch
Reference(s): ELSA-2013-2589
CVE-2013-2141
CVE-2013-4470
CVE-2013-6367
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27376
 
Oval ID: oval:org.mitre.oval:def:27376
Title: DEPRECATED: ELSA-2014-0163 -- kvm security update (important)
Description: [kvm-83-266.0.1.el5_10.1] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [kvm-83-266_10.1.el5] - KVM: x86: prevent cross page vapic_addr access (CVE-2013-6368) [bz#1032219] - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) [bz#1032216] - Resolves: bz#1032219 (CVE-2013-6368 kvm: cross page vapic_addr access [rhel-5.10]) - Resolves: bz#1032216 CVE-2013-6367 kvm: division by zero in apic_get_tmcct() [rhel-5.10.z]
Family: unix Class: patch
Reference(s): ELSA-2014-0163
CVE-2013-6367
CVE-2013-6368
Version: 4
Platform(s): Oracle Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27388
 
Oval ID: oval:org.mitre.oval:def:27388
Title: ELSA-2013-2587 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [3.8.13-16.2.3.el6uek] - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951080] {CVE-2013-4470} - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (Gleb Natapov) [Orabug: 17951067] {CVE-2013-6376} - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (Andy Honig) [Orabug: 17951071] {CVE-2013-6368} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367}
Family: unix Class: patch
Reference(s): ELSA-2013-2587
CVE-2013-4470
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
dtrace-modules-3.8.13-16.2.3.el6uek-provider-headers
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27409
 
Oval ID: oval:org.mitre.oval:def:27409
Title: DEPRECATED: ELSA-2014-0159 -- kernel security and bug fix update (important)
Description: [2.6.32-431.5.1] - [net] sctp: fix checksum marking for outgoing packets (Daniel Borkmann) [1046041 1040385] - [kernel] ptrace: Cleanup useless header (Aaron Tomlin) [1046043 1036312] - [kernel] ptrace: kill BKL in ptrace syscall (Aaron Tomlin) [1046043 1036312] - [fs] nfs: Prevent a 3-way deadlock between layoutreturn, open and state recovery (Steve Dickson) [1045094 1034487] - [fs] nfs: Ensure that rmdir() waits for sillyrenames to complete (Steve Dickson) [1051395 1034348] - [fs] nfs: wait on recovery for async session errors (Steve Dickson) [1051393 1030049] - [fs] nfs: Re-use exit code in nfs4_async_handle_error() (Steve Dickson) [1051393 1030049] - [fs] nfs: Update list of irrecoverable errors on DELEGRETURN (Steve Dickson) [1051393 1030049] - [exec] ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039486 1039487] {CVE-2013-2929} - [net] ipv6: router reachability probing (Jiri Benc) [1043779 1029585] - [net] ipv6: remove the unnecessary statement in find_match() (Jiri Benc) [1043779 1029585] - [net] ipv6: fix route selection if kernel is not compiled with CONFIG_IPV6_ROUTER_PREF (Jiri Benc) [1043779 1029585] - [net] ipv6: Fix default route failover when CONFIG_IPV6_ROUTER_PREF=n (Jiri Benc) [1043779 1029585] - [net] ipv6: probe routes asynchronous in rt6_probe (Jiri Benc) [1040826 1030094] - [net] ndisc: Update neigh->updated with write lock (Jiri Benc) [1040826 1030094] - [net] ipv6: prevent fib6_run_gc() contention (Jiri Benc) [1040826 1030094] - [net] netfilter: push reasm skb through instead of original frag skbs (Jiri Pirko) [1049590 1011214] - [net] ip6_output: fragment outgoing reassembled skb properly (Jiri Pirko) [1049590 1011214] - [net] netfilter: nf_conntrack_ipv6: improve fragmentation handling (Jiri Pirko) [1049590 1011214] - [net] ipv4: fix path MTU discovery with connection tracking (Jiri Pirko) [1049590 1011214] - [net] ipv6: Make IP6CB(skb)->nhoff 16-bit (Jiri Pirko) [1049590 1011214] - [edac] Add error decoding support for AMD Fam16h processors (Prarit Bhargava) [1051394 1020290] - [netdrv] bnx2x: correct VF-PF channel locking scheme (Michal Schmidt) [1040498 1029203] - [netdrv] bnx2x: handle known but unsupported VF messages (Michal Schmidt) [1040498 1029203] - [netdrv] bnx2x: Lock DMAE when used by statistic flow (Michal Schmidt) [1040497 1029200] - [net] ipv6: fix leaking uninitialized port number of offender sockaddr (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] inet: fix addr_len/msg->msg_namelen assignment in recv_error functions (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] inet: prevent leakage of uninitialized memory to user in recv syscalls (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] ipvs: Add boundary check on ioctl arguments (Denys Vlasenko) [1030817 1030818] {CVE-2013-4588} - [s390] qeth: avoid buffer overflow in snmp ioctl (Hendrik Brueckner) [1038935 1034266] - [md] fix calculation of stacking limits on level change (Jes Sorensen) [1035347 1026864] - [ata] ahci: fix turning on LEDs in ahci_start_port() (David Milburn) [1035339 1017105] - [ata] libata: implement cross-port EH exclusion (David Milburn) [1035339 1017105] - [ata] libata add ap to ata_wait_register and intro ata_msleep (David Milburn) [1035339 1017105] - [netdrv] igb: Update link modes display in ethtool (Stefan Assmann) [1032389 1019578]
Family: unix Class: patch
Reference(s): ELSA-2014-0159
CVE-2013-2929
CVE-2013-6381
CVE-2013-7263
CVE-2013-7265
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27413
 
Oval ID: oval:org.mitre.oval:def:27413
Title: ELSA-2013-2588 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.211.3] - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951806] {CVE-2013-4470} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951818] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951705] {CVE-2013-6367}
Family: unix Class: patch
Reference(s): ELSA-2013-2588
CVE-2013-4470
CVE-2013-6367
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 2056
Os 3
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2017-02-10 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0437-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0140-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0536-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0772-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0773-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0832-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0652-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-103.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-150306.nasl - Type : ACT_GATHER_INFO
2015-01-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15984.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141202.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141217.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-791.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-793.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0815.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1802.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0284.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0439.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-wireless-140618.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3042.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3043.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140619_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-113.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-114.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2233-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2234-1.nasl - Type : ACT_GATHER_INFO
2014-05-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140408.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140321.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0285-1.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140312_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2133-1.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2135-1.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2136-1.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2137-1.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2138-1.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2140-1.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2128-1.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2129-1.nasl - Type : ACT_GATHER_INFO
2014-03-02 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-289.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2107-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2108-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2109-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2111-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2113-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2114-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2117-1.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2576.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-038.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3009.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3010.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3011.nasl - Type : ACT_GATHER_INFO
2014-02-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0163.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0163.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0163.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140211_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140212_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO
2014-01-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140116.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-1062.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-1072.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote Fedora host is missing a security update.
File : fedora_2014-0684.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote Fedora host is missing a security update.
File : fedora_2014-0696.nasl - Type : ACT_GATHER_INFO
2014-01-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-001.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2070-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2075-1.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23445.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23653.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-291.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2587.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2589.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2588.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131212_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-258.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1801.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22695.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22818.nasl - Type : ACT_GATHER_INFO
2013-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22669.nasl - Type : ACT_GATHER_INFO
2013-12-05 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22531.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-03-11 13:21:28
  • Multiple Updates
2014-03-07 13:18:59
  • First insertion