oval:org.mitre.oval:def:28399

Definition Id: oval:org.mitre.oval:def:28399
 
Oval ID: oval:org.mitre.oval:def:28399
Title: RHSA-2014:1971 -- kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate) * Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low) * An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low) * An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low)
Family: unix Class: patch
Reference(s): RHSA-2014:1971
CESA-2014:1971
CVE-2013-2929
CVE-2014-1739
CVE-2014-3181
CVE-2014-3182
CVE-2014-3184
CVE-2014-3185
CVE-2014-3186
CVE-2014-3631
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-5045
CVE-2014-6410
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24773
 
Oval ID: oval:org.mitre.oval:def:24773
Title: The operating system installed on the system is CentOS Linux 7.x
Description: The operating system installed on the system is CentOS Linux 7.x
Family: unix Class: inventory
Reference(s): cpe:/o:centos:centos:7
Version: 3
Platform(s): CentOS Linux 7
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:28399
Definition Id: oval:org.mitre.oval:def:24953
 
Oval ID: oval:org.mitre.oval:def:24953
Title: The operating system installed on the system is Red Hat Enterprise Linux 7
Description: The operating system installed on the system is Red Hat Enterprise Linux 7.
Family: unix Class: inventory
Reference(s): cpe:/o:redhat:enterprise_linux:7
Version: 3
Platform(s): Red Hat Enterprise Linux 7
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:28399
oval:org.mitre.oval:def:28399