oval:org.mitre.oval:def:28491

Definition Id: oval:org.mitre.oval:def:28491

Oval ID:	oval:org.mitre.oval:def:28491
Title:	USN-2443-1 -- Linux kernel vulnerabilities
Description:	An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8134">CVE-2014-8134</a>) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7826">CVE-2014-7826</a>) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7825">CVE-2014-7825</a>) A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7841">CVE-2014-7841</a>) A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8884">CVE-2014-8884</a>) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9090">CVE-2014-9090</a>)
Family:	unix	Class:	patch
Reference(s):	USN-2443-1 CVE-2014-8134 CVE-2014-7826 CVE-2014-7825 CVE-2014-7841 CVE-2014-8884 CVE-2014-9090	Version:	3
Platform(s):	Ubuntu 12.04	Product(s):	linux
Definition Synopsis:
Ubuntu 12.04 is installed Packages match section linux-image-3.2.0-74-highbank is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-generic-pae is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-powerpc64-smp is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-omap is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-generic is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-powerpc-smp is earlier than 0:3.2.0-74.109 AND linux-image-3.2.0-74-virtual is earlier than 0:3.2.0-74.109

Definition Id: oval:org.mitre.oval:def:15824

Oval ID:	oval:org.mitre.oval:def:15824
Title:	Ubuntu 12.04 is installed
Description:	Ubuntu 12.04 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:canonical:ubuntu_linux:12.04	Version:	5
Platform(s):	Ubuntu 12.04	Product(s):
Definition Synopsis:
Ubuntu 12.04 is installed
Referenced By:
oval:org.mitre.oval:def:28491

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0226s

Facebook rss twitter linkedin mail