{"href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019784.html", "history": [{"bulletin": {"affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "kernel-headers-2.6.32-358.11.1.el6.i686.rpm", "packageName": "kernel-headers", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "python-perf-2.6.32-358.11.1.el6.i686.rpm", "packageName": "python-perf", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "kernel-2.6.32-358.11.1.el6.i686.rpm", "packageName": "kernel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "kernel-devel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "kernel-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "kernel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "noarch", "operator": "lt", "packageFilename": "kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm", "packageName": "kernel-firmware", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "noarch", "operator": "lt", "packageFilename": "kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm", "packageName": "kernel-firmware", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "kernel-debug", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "kernel-headers", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "python-perf-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "python-perf", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "noarch", "operator": "lt", "packageFilename": "kernel-doc-2.6.32-358.11.1.el6.noarch.rpm", "packageName": "kernel-doc", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "noarch", "operator": "lt", "packageFilename": "kernel-doc-2.6.32-358.11.1.el6.noarch.rpm", "packageName": "kernel-doc", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "perf-2.6.32-358.11.1.el6.i686.rpm", "packageName": "perf", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "kernel-debug-2.6.32-358.11.1.el6.i686.rpm", "packageName": "kernel-debug", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "any", "operator": "lt", "packageFilename": "kernel-2.6.32-358.11.1.el6.src.rpm", "packageName": "kernel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "perf-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "perf", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-358.11.1.el6"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "kernel-devel-2.6.32-358.11.1.el6.i686.rpm", "packageName": "kernel-devel", "packageVersion": "2.6.32-358.11.1.el6"}], "bulletinFamily": "unix", "cvelist": ["CVE-2013-2017", "CVE-2013-2188", "CVE-2013-1943", "CVE-2013-1935"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "**CentOS Errata and Security Advisory** CESA-2013:0911\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\nindication flag when entering the guest. An unprivileged guest user could\npotentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function\nin KVM, allowing a user-space process to register memory regions pointing\nto the kernel address space. A local, unprivileged user could use this flaw\nto escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw to\ncrash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\nAtzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\nThe CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement. Documentation\nfor these changes will be available shortly from the Technical Notes\ndocument linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues and add this enhancement. The system must\nbe rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019784.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0911.html", "edition": 1, "enchantments": {"dependencies": {"modified": "2017-10-03T18:24:50", "references": [{"idList": ["OPENVAS:841548", "OPENVAS:1361412562310871007", "OPENVAS:1361412562310841544", "OPENVAS:881747", "OPENVAS:1361412562310123611", "OPENVAS:841544", "OPENVAS:1361412562310881747", "OPENVAS:1361412562310123612", "OPENVAS:871007", "OPENVAS:1361412562310841548"], "type": "openvas"}, {"idList": ["ELSA-2013-2534", "ELSA-2013-0911"], "type": "oraclelinux"}, {"idList": ["CVE-2013-2017", "CVE-2013-2188", "CVE-2013-1943", "CVE-2013-1935"], "type": "cve"}, {"idList": ["REDHAT-RHSA-2013-0907.NASL", "REDHAT-RHSA-2013-0911.NASL", "CENTOS_RHSA-2013-0911.NASL", "UBUNTU_USN-1940-1.NASL", "UBUNTU_USN-1939-1.NASL", "ORACLELINUX_ELSA-2013-2534.NASL", "SUSE_SU-2014-0287-1.NASL", "ORACLELINUX_ELSA-2013-0911.NASL", "SL_20130610_KERNEL_ON_SL6_X.NASL"], "type": "nessus"}, {"idList": ["RHSA-2013:0907", "RHSA-2013:0911"], "type": "redhat"}, {"idList": ["USN-1939-1", "USN-1940-1"], "type": "ubuntu"}, {"idList": ["SECURITYVULNS:DOC:29791", "SECURITYVULNS:VULN:13265"], "type": "securityvulns"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "0a4c1be2225c63cd21dc078f688df36d1af4f31a44a9345bda69b938e8a95383", "hashmap": [{"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "2edcb60d3f894106046693f5c35e1231", "key": "affectedPackage"}, {"hash": "da20c65ef2fb426cec85e639b01a0140", "key": "title"}, {"hash": "9855627921475e40e00f92d60af14cb3", "key": "reporter"}, {"hash": "d677b5ca16070735bcd490f5abab87d8", "key": "href"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "cdc872db616ac66adb3166c75e9ad183", "key": "type"}, {"hash": "5a5449de782a0e1904ed0e738b7dfe33", "key": "references"}, {"hash": "67d56bf7ba08e370ea2b25fc299e0820", "key": "description"}, {"hash": "7b9a02ae147af8545f12d5a6d6ee9fb0", "key": "modified"}, {"hash": "7b9a02ae147af8545f12d5a6d6ee9fb0", "key": "published"}, {"hash": "d576888c826c0d60fe45c3dac99582a5", "key": "cvelist"}], "history": [], "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019784.html", "id": "CESA-2013:0911", "lastseen": "2017-10-03T18:24:50", "modified": "2013-06-12T13:37:13", "objectVersion": "1.3", "published": "2013-06-12T13:37:13", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0911.html"], "reporter": "CentOS Project", "title": "kernel, perf, python security update", "type": "centos", "viewCount": 2}, "differentElements": ["cvelist"], "edition": 1, "lastseen": "2017-10-03T18:24:50"}], "id": "CESA-2013:0911", "reporter": "CentOS Project", "published": "2013-06-12T13:37:13", "description": "**CentOS Errata and Security Advisory** CESA-2013:0911\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\nindication flag when entering the guest. An unprivileged guest user could\npotentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function\nin KVM, allowing a user-space process to register memory regions pointing\nto the kernel address space. A local, unprivileged user could use this flaw\nto escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw to\ncrash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\nAtzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\nThe CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement. Documentation\nfor these changes will be available shortly from the Technical Notes\ndocument linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues and add this enhancement. The system must\nbe rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019784.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0911.html", "title": "kernel, perf, python security update", "affectedPackage": [{"arch": "i686", "packageName": "kernel-headers", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-headers-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "python-perf", "operator": "lt", "OS": "CentOS", "packageFilename": "python-perf-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "kernel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "kernel-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "kernel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "noarch", "packageName": "kernel-firmware", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "noarch", "packageName": "kernel-firmware", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "kernel-debug", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "kernel-headers", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "python-perf", "operator": "lt", "OS": "CentOS", "packageFilename": "python-perf-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "kernel-debug-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "noarch", "packageName": "kernel-doc", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-doc-2.6.32-358.11.1.el6.noarch.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "noarch", "packageName": "kernel-doc", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-doc-2.6.32-358.11.1.el6.noarch.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "perf", "operator": "lt", "OS": "CentOS", "packageFilename": "perf-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "kernel-debug", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "any", "packageName": "kernel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-2.6.32-358.11.1.el6.src.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "perf", "operator": "lt", "OS": "CentOS", "packageFilename": "perf-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "x86_64", "packageName": "kernel-debug-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}, {"arch": "i686", "packageName": "kernel-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-devel-2.6.32-358.11.1.el6.i686.rpm", "packageVersion": "2.6.32-358.11.1.el6", "OSVersion": "6"}], "bulletinFamily": "unix", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "hash": "5550fd81846f6ae52827beffaf508b154b858426489e72fbf8cebbf4d176c623", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0911.html"], "edition": 2, "cvelist": ["CVE-2013-2017", "CVE-2013-1943", "CVE-2013-1935"], "lastseen": "2019-04-03T05:16:53", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1935", "CVE-2013-1943", "CVE-2013-2017"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871007", "OPENVAS:1361412562310881747", "OPENVAS:871007", "OPENVAS:1361412562310123611", "OPENVAS:881747", "OPENVAS:841544", "OPENVAS:1361412562310841548", "OPENVAS:1361412562310123612", "OPENVAS:841548", "OPENVAS:1361412562310841544"]}, {"type": "redhat", "idList": ["RHSA-2013:0911", "RHSA-2013:0907"]}, {"type": "nessus", "idList": ["SL_20130610_KERNEL_ON_SL6_X.NASL", "REDHAT-RHSA-2013-0911.NASL", "ORACLELINUX_ELSA-2013-0911.NASL", "CENTOS_RHSA-2013-0911.NASL", "REDHAT-RHSA-2013-0907.NASL", "UBUNTU_USN-1939-1.NASL", "UBUNTU_USN-1940-1.NASL", "ORACLELINUX_ELSA-2013-2534.NASL", "SUSE_SU-2014-0287-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0911", "ELSA-2013-2534"]}, {"type": "ubuntu", "idList": ["USN-1939-1", "USN-1940-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29791", "SECURITYVULNS:VULN:13265"]}], "modified": "2019-04-03T05:16:53"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "hashmap": [{"key": "affectedPackage", "hash": "2edcb60d3f894106046693f5c35e1231"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "a11de95537d7c0963163180005f7e68d"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "67d56bf7ba08e370ea2b25fc299e0820"}, {"key": "href", "hash": "d677b5ca16070735bcd490f5abab87d8"}, {"key": "modified", "hash": "7b9a02ae147af8545f12d5a6d6ee9fb0"}, {"key": "published", "hash": "7b9a02ae147af8545f12d5a6d6ee9fb0"}, {"key": "references", "hash": "5a5449de782a0e1904ed0e738b7dfe33"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "da20c65ef2fb426cec85e639b01a0140"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "objectVersion": "1.3", "modified": "2013-06-12T13:37:13", "scheme": null}

{"cve": [{"lastseen": "2019-04-23T11:53:37", "bulletinFamily": "NVD", "description": "A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.", "modified": "2019-04-22T13:48:00", "published": "2013-07-16T10:08:49", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1935", "id": "CVE-2013-1935", "title": "CVE-2013-1935", "type": "cve", "cvss": {"score": 5.7, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-04-23T11:53:37", "bulletinFamily": "NVD", "description": "The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.", "modified": "2019-04-22T13:48:00", "published": "2013-07-16T10:08:50", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1943", "id": "CVE-2013-1943", "title": "CVE-2013-1943", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-10T11:53:36", "bulletinFamily": "NVD", "description": "The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.", "modified": "2013-05-03T07:57:45", "published": "2013-05-03T07:57:45", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2017", "id": "CVE-2013-2017", "title": "CVE-2013-2017", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-23T15:15:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:1361412562310871007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871007", "title": "RedHat Update for kernel RHSA-2013:0911-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2013:0911-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871007\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:05:27 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2013:0911-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0911-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00008.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way KVM (Kernel-based Virtual Machine)\n initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\n indication flag when entering the guest. An unprivileged guest user could\n potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n * A missing sanity check was found in the kvm_set_memory_region() function\n in KVM, allowing a user-space process to register memory regions pointing\n to the kernel address space. A local, unprivileged user could use this flaw\n to escalate their privileges. (CVE-2013-1943, Important)\n\n * A double free flaw was found in the Linux kernel's Virtual Ethernet\n Tunnel driver (veth). A remote attacker could possibly use this flaw to\n crash a target system. (CVE-2013-2017, Moderate)\n\n Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\n Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\n The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\n This update also fixes several bugs and adds one enhancement. Documentation\n for these changes will be available shortly from the Technical Notes\n document linked to in the References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add this enhancement. The system must\n be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:10:23", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-01-26T00:00:00", "published": "2013-06-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871007", "id": "OPENVAS:871007", "title": "RedHat Update for kernel RHSA-2013:0911-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2013:0911-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way KVM (Kernel-based Virtual Machine)\n initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\n indication flag when entering the guest. An unprivileged guest user could\n potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n * A missing sanity check was found in the kvm_set_memory_region() function\n in KVM, allowing a user-space process to register memory regions pointing\n to the kernel address space. A local, unprivileged user could use this flaw\n to escalate their privileges. (CVE-2013-1943, Important)\n\n * A double free flaw was found in the Linux kernel's Virtual Ethernet\n Tunnel driver (veth). A remote attacker could possibly use this flaw to\n crash a target system. (CVE-2013-2017, Moderate)\n\n Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\n Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\n The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\n This update also fixes several bugs and adds one enhancement. Documentation\n for these changes will be available shortly from the Technical Notes\n document linked to in the References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add this enhancement. The system must\n be rebooted for this update to take effect.\";\n\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871007);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:05:27 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2013:0911-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0911-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00008.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~358.11.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-18T14:39:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-13T00:00:00", "id": "OPENVAS:1361412562310881747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881747", "title": "CentOS Update for kernel CESA-2013:0911 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2013:0911 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881747\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:06:02 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for kernel CESA-2013:0911 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:0911\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-June/019784.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way KVM (Kernel-based Virtual Machine)\n initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\n indication flag when entering the guest. An unprivileged guest user could\n potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n * A missing sanity check was found in the kvm_set_memory_region() function\n in KVM, allowing a user-space process to register memory regions pointing\n to the kernel address space. A local, unprivileged user could use this flaw\n to escalate their privileges. (CVE-2013-1943, Important)\n\n * A double free flaw was found in the Linux kernel's Virtual Ethernet\n Tunnel driver (veth). A remote attacker could possibly use this flaw to\n crash a target system. (CVE-2013-2017, Moderate)\n\n Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\n Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\n The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\n This update also fixes several bugs and adds one enhancement. Documentation\n for these changes will be available shortly from the Technical Notes\n document linked to in the References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add this enhancement. The system must\n be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:04", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-01-18T00:00:00", "published": "2013-06-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881747", "id": "OPENVAS:881747", "title": "CentOS Update for kernel CESA-2013:0911 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2013:0911 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way KVM (Kernel-based Virtual Machine)\n initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\n indication flag when entering the guest. An unprivileged guest user could\n potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n * A missing sanity check was found in the kvm_set_memory_region() function\n in KVM, allowing a user-space process to register memory regions pointing\n to the kernel address space. A local, unprivileged user could use this flaw\n to escalate their privileges. (CVE-2013-1943, Important)\n\n * A double free flaw was found in the Linux kernel's Virtual Ethernet\n Tunnel driver (veth). A remote attacker could possibly use this flaw to\n crash a target system. (CVE-2013-2017, Moderate)\n\n Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\n Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\n The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\n This update also fixes several bugs and adds one enhancement. Documentation\n for these changes will be available shortly from the Technical Notes\n document linked to in the References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add this enhancement. The system must\n be rebooted for this update to take effect.\";\n\n\ntag_affected = \"kernel on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881747);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-13 10:06:02 +0530 (Thu, 13 Jun 2013)\");\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for kernel CESA-2013:0911 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0911\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-June/019784.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~358.11.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:37", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-0911", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123611", "title": "Oracle Linux Local Check: ELSA-2013-0911", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0911.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123611\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0911\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0911 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0911\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0911.html\");\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~358.11.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-14T14:30:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841548", "title": "Ubuntu Update for linux-ec2 USN-1940-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1940_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1940-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841548\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:45:59 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1940-1\");\n\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A local\nuser could exploit this flaw to gain system privileges or obtain sensitive\ninformation from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1940-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1940-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ec2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-356-ec2\", ver:\"2.6.32-356.69\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-14T14:31:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-09-12T00:00:00", "id": "OPENVAS:1361412562310841544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841544", "title": "Ubuntu Update for linux USN-1939-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1939_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1939-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841544\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:39:49 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1939-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool.\n(CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A local\nuser could exploit this flaw to gain system privileges or obtain sensitive\ninformation from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1939-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1939-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-386\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-generic\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-generic-pae\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-ia64\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-lpia\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc64-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-preempt\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-server\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-sparc64\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-sparc64-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-versatile\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-virtual\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:22:13", "bulletinFamily": "scanner", "description": "Check for the Version of linux-ec2", "modified": "2017-12-01T00:00:00", "published": "2013-09-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841548", "id": "OPENVAS:841548", "title": "Ubuntu Update for linux-ec2 USN-1940-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1940_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1940-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841548);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:45:59 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1940-1\");\n\n tag_insight = \"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A local\nuser could exploit this flaw to gain system privileges or obtain sensitive\ninformation from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\";\n\n tag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1940-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1940-1/\");\n script_summary(\"Check for the Version of linux-ec2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-356-ec2\", ver:\"2.6.32-356.69\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:20", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-2534", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123612", "title": "Oracle Linux Local Check: ELSA-2013-2534", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-2534.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123612\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-2534\");\n script_tag(name:\"insight\", value:\"ELSA-2013-2534 - Unbreakable Enterprise kernel Security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-2534\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-2534.html\");\n script_cve_id(\"CVE-2012-4542\", \"CVE-2012-6542\", \"CVE-2013-1943\", \"CVE-2013-1929\", \"CVE-2013-1860\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~400.29.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.29.1.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.29.1.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.29.1.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.29.1.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~400.29.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.29.1.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.29.1.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.29.1.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.29.1.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:10:22", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2018-01-26T00:00:00", "published": "2013-09-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841544", "id": "OPENVAS:841544", "title": "Ubuntu Update for linux USN-1939-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1939_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# Ubuntu Update for linux USN-1939-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841544);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-12 11:39:49 +0530 (Thu, 12 Sep 2013)\");\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1939-1\");\n\n tag_insight = \"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw to\nrun commands as root when using the perf tool.\n(CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A local\nuser could exploit this flaw to gain system privileges or obtain sensitive\ninformation from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\nLinux kernel's IPv6 stack. A local user could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2013-4162)\";\n\n tag_affected = \"linux on Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1939-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1939-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-386\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-generic\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-generic-pae\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-ia64\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-lpia\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-powerpc64-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-preempt\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-server\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-sparc64\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-sparc64-smp\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-versatile\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-51-virtual\", ver:\"2.6.32-51.113\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:14", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)\nindication flag when entering the guest. An unprivileged guest user could\npotentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function\nin KVM, allowing a user-space process to register memory regions pointing\nto the kernel address space. A local, unprivileged user could use this flaw\nto escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw to\ncrash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and\nAtzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.\nThe CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement. Documentation\nfor these changes will be available shortly from the Technical Notes\ndocument linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues and add this enhancement. The system must\nbe rebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2013-06-10T04:00:00", "id": "RHSA-2013:0911", "href": "https://access.redhat.com/errata/RHSA-2013:0911", "type": "redhat", "title": "(RHSA-2013:0911) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:07", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way KVM initialized a guest's registered pv_eoi\n(paravirtualized end-of-interrupt) indication flag when entering the guest.\nAn unprivileged guest user could potentially use this flaw to crash the\nhost. (CVE-2013-1935)\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries\nwere processed. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management server.\n(CVE-2013-0167)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue. The\nCVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat\nEnterprise Virtualization team.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-1962 (libvirt issue)\n\nCVE-2013-2017 and CVE-2013-1943 (kernel issues)\n\nCVE-2012-6137 (subscription-manager issue)\n\nThis update also contains the fixes from the following errata:\n\n* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise\nVirtualization 3.2 clusters.\n\n* ovirt-node: RHBA-2013:0908\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:36", "published": "2013-06-10T04:00:00", "id": "RHSA-2013:0907", "href": "https://access.redhat.com/errata/RHSA-2013:0907", "type": "redhat", "title": "(RHSA-2013:0907) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:01", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host.\n (CVE-2013-1935, Important)\n\n - A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges.\n (CVE-2013-1943, Important)\n\n - A double free flaw was found in the Linux kernel's Virtual Ethernet Tunnel driver (veth). A remote attacker could possibly use this flaw to crash a target system.\n (CVE-2013-2017, Moderate)\n\nThe system must be rebooted for this update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20130610_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66884", "published": "2013-06-13T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66884);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - A flaw was found in the way KVM (Kernel-based Virtual\n Machine) initialized a guest's registered pv_eoi\n (paravirtualized end-of-interrupt) indication flag when\n entering the guest. An unprivileged guest user could\n potentially use this flaw to crash the host.\n (CVE-2013-1935, Important)\n\n - A missing sanity check was found in the\n kvm_set_memory_region() function in KVM, allowing a\n user-space process to register memory regions pointing\n to the kernel address space. A local, unprivileged user\n could use this flaw to escalate their privileges.\n (CVE-2013-1943, Important)\n\n - A double free flaw was found in the Linux kernel's\n Virtual Ethernet Tunnel driver (veth). A remote attacker\n could possibly use this flaw to crash a target system.\n (CVE-2013-2017, Moderate)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1306&L=scientific-linux-errata&T=0&P=821\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e7a02d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:01", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet Tunnel driver (veth). A remote attacker could possibly use this flaw to crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2013-0911.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66887", "published": "2013-06-14T00:00:00", "title": "CentOS 6 : kernel (CESA-2013:0911)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0911 and \n# CentOS Errata and Security Advisory 2013:0911 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66887);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\", \"CVE-2013-2188\");\n script_bugtraq_id(59549, 60463, 60466, 61195);\n script_xref(name:\"RHSA\", value:\"2013:0911\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2013:0911)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized\nend-of-interrupt) indication flag when entering the guest. An\nunprivileged guest user could potentially use this flaw to crash the\nhost. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region()\nfunction in KVM, allowing a user-space process to register memory\nregions pointing to the kernel address space. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-1943,\nImportant)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw\nto crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue\nand Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017\nissue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of\nRed Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-June/019784.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cd508fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:00", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet Tunnel driver (veth). A remote attacker could possibly use this flaw to crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2013-0911.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66853", "published": "2013-06-11T00:00:00", "title": "RHEL 6 : kernel (RHSA-2013:0911)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0911. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66853);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\", \"CVE-2013-2188\");\n script_bugtraq_id(59549, 61195);\n script_xref(name:\"RHSA\", value:\"2013:0911\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2013:0911)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized\nend-of-interrupt) indication flag when entering the guest. An\nunprivileged guest user could potentially use this flaw to crash the\nhost. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region()\nfunction in KVM, allowing a user-space process to register memory\nregions pointing to the kernel address space. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-1943,\nImportant)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw\nto crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue\nand Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017\nissue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of\nRed Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2188\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0911\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.11.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:42", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0911 :\n\nUpdated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region() function in KVM, allowing a user-space process to register memory regions pointing to the kernel address space. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-1943, Important)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet Tunnel driver (veth). A remote attacker could possibly use this flaw to crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue and Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2013-0911.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68834", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2013-0911)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0911 and \n# Oracle Linux Security Advisory ELSA-2013-0911 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68834);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-1935\", \"CVE-2013-1943\", \"CVE-2013-2017\", \"CVE-2013-2188\");\n script_bugtraq_id(59549, 59846, 60463, 60466, 61195);\n script_xref(name:\"RHSA\", value:\"2013:0911\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2013-0911)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0911 :\n\nUpdated kernel packages that fix three security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way KVM (Kernel-based Virtual Machine)\ninitialized a guest's registered pv_eoi (paravirtualized\nend-of-interrupt) indication flag when entering the guest. An\nunprivileged guest user could potentially use this flaw to crash the\nhost. (CVE-2013-1935, Important)\n\n* A missing sanity check was found in the kvm_set_memory_region()\nfunction in KVM, allowing a user-space process to register memory\nregions pointing to the kernel address space. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-1943,\nImportant)\n\n* A double free flaw was found in the Linux kernel's Virtual Ethernet\nTunnel driver (veth). A remote attacker could possibly use this flaw\nto crash a target system. (CVE-2013-2017, Moderate)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue\nand Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017\nissue. The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of\nRed Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add this enhancement.\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003511.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-358.11.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-358.11.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:41", "bulletinFamily": "scanner", "description": "An updated rhev-hypervisor6 package that fixes two security issues and various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way KVM initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt) indication flag when entering the guest. An unprivileged guest user could potentially use this flaw to crash the host. (CVE-2013-1935)\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue.\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2013-1962 (libvirt issue)\n\nCVE-2013-2017 and CVE-2013-1943 (kernel issues)\n\nCVE-2012-6137 (subscription-manager issue)\n\nThis update also contains the fixes from the following errata :\n\n* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise Virtualization 3.2 clusters.\n\n* ovirt-node: RHBA-2013:0908\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2013-0907.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78961", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0907. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78961);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2013-0167\", \"CVE-2013-1935\");\n script_xref(name:\"RHSA\", value:\"2013:0907\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes two security issues and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way KVM initialized a guest's registered\npv_eoi (paravirtualized end-of-interrupt) indication flag when\nentering the guest. An unprivileged guest user could potentially use\nthis flaw to crash the host. (CVE-2013-1935)\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue.\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2013-1962 (libvirt issue)\n\nCVE-2013-2017 and CVE-2013-1943 (kernel issues)\n\nCVE-2012-6137 (subscription-manager issue)\n\nThis update also contains the fixes from the following errata :\n\n* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise\nVirtualization 3.2 clusters.\n\n* ovirt-node: RHBA-2013:0908\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-0908.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0907\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.4-20130528.0.el6_4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 5.7, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:59", "bulletinFamily": "scanner", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM subsystem allocates memory slots for the guest's address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol) network protocol's handling of duplicate cookies in the Linux kernel.\nA remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1940-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69808", "published": "2013-09-07T00:00:00", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1940-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1940-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69808);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_bugtraq_id(60466, 60715);\n script_xref(name:\"USN\", value:\"1940-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1940-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A\nlocal user could exploit this flaw to gain system privileges or obtain\nsensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel.\nA remote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1940-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-356-ec2\", pkgver:\"2.6.32-356.69\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:59", "bulletinFamily": "scanner", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM subsystem allocates memory slots for the guest's address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol) network protocol's handling of duplicate cookies in the Linux kernel.\nA remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1939-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69807", "published": "2013-09-07T00:00:00", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1939-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1939-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69807);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-1060\", \"CVE-2013-1943\", \"CVE-2013-2206\", \"CVE-2013-4162\");\n script_bugtraq_id(60466, 60715);\n script_xref(name:\"USN\", value:\"1939-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1939-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that\nallows for privilege escalation. A local user could exploit this flaw\nto run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel's KVM\nsubsystem allocates memory slots for the guest's address space. A\nlocal user could exploit this flaw to gain system privileges or obtain\nsensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol)\nnetwork protocol's handling of duplicate cookies in the Linux kernel.\nA remote attacker could exploit this flaw to cause a denial of service\n(system crash) on another remote user querying the SCTP connection.\n(CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option\nin the Linux kernel's IPv6 stack. A local user could exploit this flaw\nto cause a denial of service (system crash). (CVE-2013-4162).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1939-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-386\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-generic\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-generic-pae\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-lpia\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-preempt\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-server\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-versatile\", pkgver:\"2.6.32-51.113\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-51-virtual\", pkgver:\"2.6.32-51.113\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:43", "bulletinFamily": "scanner", "description": "Description of changes:\n\n\n[2.6.32-400.29.1.el6uek]\n- KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943}\n- KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943}\n\n[2.6.32-400.28.1.el6uek]\n- do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974]\n- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929}\n- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860}\n- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025]\n- sched: Fix ancient race in do_exit() (Joe Jin)\n- open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035]\n- block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542}\n- vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035]\n- xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568]\n- svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824]\n- mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}\n- ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349}\n- dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827}\n- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774}\n- keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792}\n- KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}\n- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}\n\n[2.6.32-400.27.1.el6uek]\n- net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547}\n- atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}\n- atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}\n- xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537}\n- xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}\n- xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}\n- llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542}\n- x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997]", "modified": "2016-05-20T00:00:00", "id": "ORACLELINUX_ELSA-2013-2534.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68856", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2013-2534.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68856);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/20 14:21:44 $\");\n\n script_cve_id(\"CVE-2012-4542\", \"CVE-2012-5517\", \"CVE-2012-6537\", \"CVE-2012-6542\", \"CVE-2012-6546\", \"CVE-2012-6547\", \"CVE-2013-0349\", \"CVE-2013-0871\", \"CVE-2013-1774\", \"CVE-2013-1792\", \"CVE-2013-1796\", \"CVE-2013-1798\", \"CVE-2013-1826\", \"CVE-2013-1827\", \"CVE-2013-1860\", \"CVE-2013-1929\", \"CVE-2013-1943\");\n script_bugtraq_id(56527, 57986, 58088, 58112, 58202, 58368, 58381, 58383, 58510, 58604, 58607, 58908, 58977, 58989, 58992, 58996, 60466);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n\n[2.6.32-400.29.1.el6uek]\n- KVM: add missing void __user COPYING CREDITS Documentation Kbuild \nMAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers \nfirmware fs include init ipc kernel lib mm net samples scripts security \nsound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) \n[Orabug: 16941620] {CVE-2013-1943}\n- KVM: Validate userspace_addr of memslot when registered (Takuya \nYoshikawa) [Orabug: 16941620] {CVE-2013-1943}\n\n[2.6.32-400.28.1.el6uek]\n- do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974]\n- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: \n16837019] {CVE-2013-1929}\n- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] \n{CVE-2013-1860}\n- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: \n16579025]\n- sched: Fix ancient race in do_exit() (Joe Jin)\n- open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: \n14046035]\n- block: default SCSI command filter does not accomodate commands \noverlap across device classes (Jamie Iles) [Orabug: 16387136] \n{CVE-2012-4542}\n- vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) \n[Orabug: 14046035]\n- xen-netfront: delay gARP until backend switches to Connected (Laszlo \nErsek) [Orabug: 16182568]\n- svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) \n[Orabug: 16032824]\n- mm/hotplug: correctly add new zone to all other nodes' zone lists \n(Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}\n- ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg \nNesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL \n(Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() \n(Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson \nLizardo) [Orabug: 16711062] {CVE-2013-0349}\n- dccp: check ccid before dereferencing (Mathias Krause) [Orabug: \n16711040] {CVE-2013-1827}\n- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) \n[Orabug: 16425435] {CVE-2013-1774}\n- keys: fix race with concurrent install_user_keyrings() (David Howells) \n[Orabug: 16493369] {CVE-2013-1792}\n- KVM: Fix bounds checking in ioapic indirect register reads \n(CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}\n- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME \n(CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}\n\n[2.6.32-400.27.1.el6uek]\n- net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: \n16675501] {CVE-2012-6547}\n- atm: fix info leak via getsockname() (Mathias Krause) [Orabug: \n16675501] {CVE-2012-6546}\n- atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: \n16675501] {CVE-2012-6546}\n- xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) \n[Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) \n[Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) \n[Orabug: 16675501] {CVE-2013-6537}\n- xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) \n[Orabug: 16675501] {CVE-2013-1826}\n- xfrm_user: return error pointer instead of NULL (Mathias Krause) \n[Orabug: 16675501] {CVE-2013-1826}\n- llc: fix info leak via getsockname() (Mathias Krause) [Orabug: \n16675501] {CVE-2012-6542}\n- x86/mm: Check if PUD is large when validating a kernel address (Mel \nGorman) [Orabug: 14251997]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003512.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003513.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.1.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.1.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-headers-2.6.32-400.29.1.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.29.1.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.29.1.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.29.1.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.29.1.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-headers-2.6.32-400.29.1.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.29.1.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.29.1.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.29.1.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.29.1.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:11", "bulletinFamily": "scanner", "description": "This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.\n\nThe following security bugs have been fixed :\n\nCVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.\n(bnc#735347)\n\nCVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898)\n\nCVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612)\n\nCVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610)\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.\n(bnc#770695)\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896)\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523)\n\nCVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383)\n\nCVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885)\n\nCVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831)\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013)\n\nCVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.\n(bnc#787576)\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.\n(bnc#809889)\n\nCVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889)\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891)\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892)\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893)\n\nCVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894)\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898)\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.\n(bnc#809899)\n\nCVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900)\n\nCVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901)\n\nCVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902)\n\nCVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903)\n\nCVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.\n(bnc#797175)\n\nCVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.\n(bnc#800280)(XSA-39)\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information.\n(bnc#801178)(XSA-43)\n\nCVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642)\n\nCVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653)\n\nCVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226)\n\nCVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227)\n\nCVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.\n(bnc#804154)\n\nCVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827)\n\nCVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138)\n\nCVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977)\n\nCVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976)\n\nCVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358)\n\nCVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980)\n\nCVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.\n(bnc#806980)\n\nCVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980)\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.\n(bnc#811354)\n\nCVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735)\n\nCVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.\n(bnc#828012)\n\nCVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.\n(bnc#817377)\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.\n(bnc#823267)\n\nCVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260)\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295)\n\nCVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750)\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.\n(bnc#827749)\n\nCVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119)\n\nCVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473)\n\nCVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575)\n\nCVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.\n(bnc#822579)\n\nCVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839)\n\nCVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.\n(bnc#835839)\n\nCVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839)\n\nCVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652)\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)\n\nCVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.\n(bnc#847672)\n\nCVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)\n\nCVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)\n\nCVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.\n(bnc#853050)\n\nCVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095)\n\nCVE-2013-4591: Buffer overflow in the\n__nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103)\n\nCVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)\n\nCVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)\n\nCVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)\n\nCVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)\n\nCVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)\n\nCVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870)\n\nCVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872)\n\nAlso the following non-security bugs have been fixed :\n\n - x86: Clear HPET configuration registers on startup (bnc#748896).\n\n - sched: fix divide by zero in task_utime() (bnc#761774).\n\n - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596).\n\n - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables.\n\n - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)).\n\n - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364).\n\n - cpumask: Simplify sched_rt.c (bnc#812364).\n\n - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).\n\n - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481).\n\n - tty: fix up atime/mtime mess, take three (bnc#797175).\n\n - tty: fix atime/mtime regression (bnc#815745).\n\n - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154).\n\n - kbuild: Fix gcc -x syntax (bnc#773831).\n\n - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573).\n\n net: Upgrade device features irrespective of mask (bnc#715250).\n\n - tcp: bind() fix autoselection to share ports (bnc#823618).\n\n - tcp: bind() use stronger condition for bind_conflict (bnc#823618).\n\n - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).\n\n - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416).\n\n - netfilter: prevent race condition breaking net reference counting (bnc#835094).\n\n - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577).\n\n - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577).\n\n - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648).\n\n scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050).\n\n - scsi: Allow error handling timeout to be specified (bnc#798050).\n\n - scsi: Fixup compilation warning (bnc#798050).\n\n - scsi: Retry failfast commands after EH (bnc#798050).\n\n - scsi: Warn on invalid command completion (bnc#798050).\n\n - scsi: Always retry internal target error (bnc#745640, bnc#825227).\n\n - scsi: kABI fixes (bnc#798050).\n\n - scsi: remove check for 'resetting' (bnc#798050).\n\n - scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050).\n\n - scsi: Reduce error recovery time by reducing use of TURs (bnc#798050).\n\n - scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050).\n\n - scsi: cleanup setting task state in scsi_error_handler() (bnc#798050).\n\n - scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) (bnc#798050). scsi: fix id computation in scsi_eh_target_reset() (bnc#798050).\n\n advansys: Remove 'last_reset' references (bnc#798050).\n\n - dc395: Move 'last_reset' into internal host structure (bnc#798050).\n\n - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).\n\n - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).\n\n - fc class: fix scanning when devs are offline (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050).\n\n st: Store page order before driver buffer allocation (bnc#769644).\n\n - st: Increase success probability in driver buffer allocation (bnc#769644). st: work around broken\n __bio_add_page logic (bnc#769644).\n\n avoid race by ignoring flush_time in cache_check (bnc#814363).\n\n writeback: remove the internal 5% low bound on dirty_ratio\n\n - writeback: skip balance_dirty_pages() for in-memory fs (Do not dirty throttle ram-based filesystems (bnc#840858)). writeback: Do not sync data dirtied after sync start (bnc#833820).\n\n blkdev_max_block: make private to fs/buffer.c (bnc#820338).\n\n - vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). vfs: fix O_DIRECT read past end of block device (bnc#820338).\n\n lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).\n\n xfs: allow writeback from kswapd (bnc#826707).\n\n - xfs: skip writeback from reclaim context (bnc#826707).\n\n - xfs: Serialize file-extending direct IO (bnc#818371).\n\n - xfs: Avoid pathological backwards allocation (bnc#805945). xfs: fix inode lookup race (bnc#763463).\n\n cifs: clarify the meaning of tcpStatus == CifsGood (bnc#776024).\n\n cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#776024).\n\n ocfs2: Add a missing journal credit in ocfs2_link_credits() -v2 (bnc#773320).\n\n usb: Fix deadlock in hid_reset when Dell iDRAC is reset (bnc#814716).\n\n usb: xhci: Fix command completion after a drop endpoint (bnc#807320).\n\n netiucv: Hold rtnl between name allocation and device registration (bnc#824159).\n\n rwsem: Test for no active locks in __rwsem_do_wake undo code (bnc#813276).\n\n nfs: NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337).\n\n - nfs: Allow sec=none mounts in certain cases (bnc#795354).\n\n - nfs: Make nfsiod a multi-thread queue (bnc#815352).\n\n - nfs: increase number of permitted callback connections (bnc#771706).\n\n - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).\n\n - nfs: do not allow TASK_KILLABLE sleeps to block the freezer (bnc#775182). nfs: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028).\n\n svcrpc: take lock on turning entry NEGATIVE in cache_check (bnc#803320).\n\n - svcrpc: ensure cache_check caller sees updated entry (bnc#803320).\n\n - sunrpc/cache: remove races with queuing an upcall (bnc#803320).\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320).\n\n - sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320).\n\n - sunrpc/cache: do not schedule update on cache item that has been replaced (bnc#803320). sunrpc/cache: fix test in try_to_negate (bnc#803320).\n\n xenbus: fix overflow check in xenbus_dev_write().\n\n - x86: do not corrupt %eip when returning from a signal handler.\n\n - scsiback/usbback: move cond_resched() invocations to proper place. netback: fix netbk_count_requests().\n\n dm: add dm_deleting_md function (bnc#785016).\n\n - dm: bind new table before destroying old (bnc#785016).\n\n - dm: keep old table until after resume succeeded (bnc#785016). dm: rename dm_get_table to dm_get_live_table (bnc#785016).\n\n drm/edid: Fix up partially corrupted headers (bnc#780004).\n\n drm/edid: Retry EDID fetch up to four times (bnc#780004).\n\n i2c-algo-bit: Fix spurious SCL timeouts under heavy load (bnc#780004).\n\n hpilo: remove pci_disable_device (bnc#752544).\n\n mptsas: handle 'Initializing Command Required' ASCQ (bnc#782178).\n\n mpt2sas: Fix race on shutdown (bnc#856917).\n\n ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654).\n\n - ipmi: simplify locking (bnc#763654). ipmi: use a tasklet for handling received messages (bnc#763654).\n\n bnx2x: bug fix when loading after SAN boot (bnc#714906).\n\n bnx2x: previous driver unload revised (bnc#714906).\n\n ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144).\n\n ixgbe: pull PSRTYPE configuration into a separate function (bnc#780572 bnc#773640 bnc#776144).\n\n e1000e: clear REQ and GNT in EECD (82571 && 82572) (bnc#762099).\n\n hpsa: do not attempt to read from a write-only register (bnc#777473).\n\n aio: Fixup kABI for the aio-implement-request-batching patch (bnc#772849).\n\n - aio: bump i_count instead of using igrab (bnc#772849).\n aio: implement request batching (bnc#772849).\n\n Driver core: Do not remove kobjects in device_shutdown (bnc#771992).\n\n resources: fix call to alignf() in allocate_resource() (bnc#744955).\n\n - resources: when allocate_resource() fails, leave resource untouched (bnc#744955).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-31T00:00:00", "id": "SUSE_SU-2014-0287-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83611", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0287-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83611);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2011-3593\", \"CVE-2012-1601\", \"CVE-2012-2137\", \"CVE-2012-2372\", \"CVE-2012-2745\", \"CVE-2012-3375\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\", \"CVE-2012-4444\", \"CVE-2012-4530\", \"CVE-2012-4565\", \"CVE-2012-6537\", \"CVE-2012-6538\", \"CVE-2012-6539\", \"CVE-2012-6540\", \"CVE-2012-6541\", \"CVE-2012-6542\", \"CVE-2012-6544\", \"CVE-2012-6545\", \"CVE-2012-6546\", \"CVE-2012-6547\", \"CVE-2012-6548\", \"CVE-2012-6549\", \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0310\", \"CVE-2013-0343\", \"CVE-2013-0349\", \"CVE-2013-0871\", \"CVE-2013-0914\", \"CVE-2013-1767\", \"CVE-2013-1773\", \"CVE-2013-1774\", \"CVE-2013-1792\", \"CVE-2013-1796\", \"CVE-2013-1797\", \"CVE-2013-1798\", \"CVE-2013-1827\", \"CVE-2013-1928\", \"CVE-2013-1943\", \"CVE-2013-2015\", \"CVE-2013-2141\", \"CVE-2013-2147\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2237\", \"CVE-2013-2634\", \"CVE-2013-2851\", \"CVE-2013-2852\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2897\", \"CVE-2013-2929\", \"CVE-2013-3222\", \"CVE-2013-3223\", \"CVE-2013-3224\", \"CVE-2013-3225\", \"CVE-2013-3228\", \"CVE-2013-3229\", \"CVE-2013-3231\", \"CVE-2013-3232\", \"CVE-2013-3234\", \"CVE-2013-3235\", \"CVE-2013-4345\", \"CVE-2013-4470\", \"CVE-2013-4483\", \"CVE-2013-4511\", \"CVE-2013-4587\", \"CVE-2013-4588\", \"CVE-2013-4591\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6378\", \"CVE-2013-6383\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\");\n script_bugtraq_id(46630, 50767, 53488, 54062, 54063, 54283, 54365, 54702, 54763, 55151, 55878, 56346, 56891, 57176, 57740, 57743, 57838, 57986, 58052, 58112, 58177, 58200, 58202, 58368, 58383, 58409, 58426, 58597, 58604, 58605, 58607, 58795, 58906, 58977, 58978, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58994, 58996, 59377, 59380, 59381, 59383, 59385, 59389, 59390, 59393, 59394, 59397, 59512, 60254, 60280, 60375, 60409, 60410, 60466, 60874, 60893, 60953, 62042, 62043, 62044, 62049, 62050, 62740, 63359, 63445, 63512, 63744, 63791, 63886, 63888, 64111, 64270, 64291, 64328, 64952, 64953, 64954);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to\nfix a lot of security issues and non-security bugs.\n\nThe following security bugs have been fixed :\n\nCVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive\nfunction in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red\nHat Enterprise Linux (RHEL) 6 allows remote attackers to cause a\ndenial of service (system crash) via priority-tagged VLAN frames.\n(bnc#735347)\n\nCVE-2012-1601: The KVM implementation in the Linux kernel\nbefore 3.3.6 allows host OS users to cause a denial of\nservice (NULL pointer dereference and host OS crash) by\nmaking a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU\nalready exists. (bnc#754898)\n\nCVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the\nKVM subsystem in the Linux kernel before 3.2.24 allows local\nusers to cause a denial of service (crash) and possibly\nexecute arbitrary code via vectors related to Message\nSignaled Interrupts (MSI), irq routing entries, and an\nincorrect check by the setup_routing_entry function before\ninvoking the kvm_set_irq function. (bnc#767612)\n\nCVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c\nin the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel 3.7.4 and earlier allows\nlocal users to cause a denial of service (BUG_ON and kernel\npanic) by establishing an RDS connection with the source IP\naddress equal to the IPoIB interfaces own IP address, as\ndemonstrated by rds-ping. (bnc#767610)\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in\nthe Linux kernel before 3.3.2 provides an invalid\nreplacement session keyring to a child process, which allows\nlocal users to cause a denial of service (panic) via a\ncrafted application that uses the fork system call.\n(bnc#770695)\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c\nin the Linux kernel before 3.2.24 does not properly handle\nELOOP errors in EPOLL_CTL_ADD operations, which allows local\nusers to cause a denial of service (file-descriptor\nconsumption and system crash) via a crafted application that\nattempts to create a circular epoll dependency. NOTE: this\nvulnerability exists because of an incorrect fix for\nCVE-2011-1083. (bnc#769896)\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in\nthe Linux kernel before 3.2.30 allows remote attackers to\ncause a denial of service (DMA descriptor consumption and\nnetwork-controller outage) via crafted TCP packets that\ntrigger a small MSS value. (bnc#774523)\n\nCVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in\nthe Linux kernel before 3.0.44 does not initialize a certain\nstructure member, which allows local users to obtain\npotentially sensitive information from kernel stack memory\nvia a (1) recvfrom or (2) recvmsg system call on an RDS\nsocket. (bnc#773383)\n\nCVE-2012-3511: Multiple race conditions in the\nmadvise_remove function in mm/madvise.c in the Linux kernel\nbefore 3.4.5 allow local users to cause a denial of service\n(use-after-free and system crash) via vectors involving a\n(1) munmap or (2) close system call. (bnc#776885)\n\nCVE-2012-4444: The ip6_frag_queue function in\nnet/ipv6/reassembly.c in the Linux kernel before 2.6.36\nallows remote attackers to bypass intended network\nrestrictions via overlapping IPv6 fragments. (bnc#789831)\n\nCVE-2012-4530: The load_script function in\nfs/binfmt_script.c in the Linux kernel before 3.7.2 does not\nproperly handle recursion, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#786013)\n\nCVE-2012-4565: The tcp_illinois_info function in\nnet/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19,\nwhen the net.ipv4.tcp_congestion_control illinois setting is\nenabled, allows local users to cause a denial of service\n(divide-by-zero error and OOPS) by reading TCP stats.\n(bnc#787576)\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel\nbefore 3.6 does not initialize certain structures, which\nallows local users to obtain sensitive information from\nkernel memory by leveraging the CAP_NET_ADMIN capability.\n(bnc#809889)\n\nCVE-2012-6538: The copy_to_user_auth function in\nnet/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an\nincorrect C library function for copying a string, which\nallows local users to obtain sensitive information from\nkernel heap memory by leveraging the CAP_NET_ADMIN\ncapability. (bnc#809889)\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in\nthe Linux kernel before 3.6 does not initialize a certain\nstructure, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted\napplication. (bnc#809891)\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in\nnet/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before\n3.6 does not initialize a certain structure for\nIP_VS_SO_GET_TIMEOUT commands, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#809892)\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in\nnet/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does\nnot initialize a certain structure, which allows local users\nto obtain sensitive information from kernel stack memory via\na crafted application. (bnc#809893)\n\nCVE-2012-6542: The llc_ui_getname function in\nnet/llc/af_llc.c in the Linux kernel before 3.6 has an\nincorrect return value in certain circumstances, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted application that leverages\nan uninitialized pointer argument. (bnc#809894)\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux\nkernel before 3.6 does not properly initialize certain\nstructures, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted\napplication that targets the (1) L2CAP or (2) HCI\nimplementation. (bnc#809898)\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the\nLinux kernel before 3.6 does not properly initialize certain\nstructures, which allows local users to obtain sensitive\ninformation from kernel memory via a crafted application.\n(bnc#809899)\n\nCVE-2012-6546: The ATM implementation in the Linux kernel\nbefore 3.6 does not initialize certain structures, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted application. (bnc#809900)\n\nCVE-2012-6547: The __tun_chr_ioctl function in\ndrivers/net/tun.c in the Linux kernel before 3.6 does not\ninitialize a certain structure, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#809901)\n\nCVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c\nin the Linux kernel before 3.6 does not initialize a certain\nstructure member, which allows local users to obtain\nsensitive information from kernel heap memory via a crafted\napplication. (bnc#809902)\n\nCVE-2012-6549: The isofs_export_encode_fh function in\nfs/isofs/export.c in the Linux kernel before 3.6 does not\ninitialize a certain structure member, which allows local\nusers to obtain sensitive information from kernel heap\nmemory via a crafted application. (bnc#809903)\n\nCVE-2013-0160: The Linux kernel through 3.7.9 allows local\nusers to obtain sensitive information about keystroke timing\nby using the inotify API on the /dev/ptmx device.\n(bnc#797175)\n\nCVE-2013-0216: The Xen netback functionality in the Linux\nkernel before 3.7.8 allows guest OS users to cause a denial\nof service (loop) by triggering ring pointer corruption.\n(bnc#800280)(XSA-39)\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI\nbackend driver\n(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for\nthe Linux kernel 2.6.18 and 3.8 allows guest OS users with\nPCI device access to cause a denial of service via a large\nnumber of kernel log messages. NOTE: some of these details\nare obtained from third-party information.\n(bnc#801178)(XSA-43)\n\nCVE-2013-0268: The msr_open function in\narch/x86/kernel/msr.c in the Linux kernel before 3.7.6\nallows local users to bypass intended capability\nrestrictions by executing a crafted application as root, as\ndemonstrated by msr32.c. (bnc#802642)\n\nCVE-2013-0310: The cipso_v4_validate function in\nnet/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8\nallows local users to cause a denial of service (NULL\npointer dereference and system crash) or possibly have\nunspecified other impact via an IPOPT_CIPSO IP_OPTIONS\nsetsockopt system call. (bnc#804653)\n\nCVE-2013-0343: The ipv6_create_tempaddr function in\nnet/ipv6/addrconf.c in the Linux kernel through 3.8 does not\nproperly handle problems with the generation of IPv6\ntemporary addresses, which allows remote attackers to cause\na denial of service (excessive retries and\naddress-generation outage), and consequently obtain\nsensitive information, via ICMPv6 Router Advertisement (RA)\nmessages. (bnc#805226)\n\nCVE-2013-0349: The hidp_setup_hid function in\nnet/bluetooth/hidp/core.c in the Linux kernel before 3.7.6\ndoes not properly copy a certain name field, which allows\nlocal users to obtain sensitive information from kernel\nmemory by setting a long name and making an HIDPCONNADD\nioctl call. (bnc#805227)\n\nCVE-2013-0871: Race condition in the ptrace functionality in\nthe Linux kernel before 3.7.5 allows local users to gain\nprivileges via a PTRACE_SETREGS ptrace system call in a\ncrafted application, as demonstrated by ptrace_death.\n(bnc#804154)\n\nCVE-2013-0914: The flush_signal_handlers function in\nkernel/signal.c in the Linux kernel before 3.8.4 preserves\nthe value of the sa_restorer field across an exec operation,\nwhich makes it easier for local users to bypass the ASLR\nprotection mechanism via a crafted application containing a\nsigaction system call. (bnc#808827)\n\nCVE-2013-1767: Use-after-free vulnerability in the\nshmem_remount_fs function in mm/shmem.c in the Linux kernel\nbefore 3.7.10 allows local users to gain privileges or cause\na denial of service (system crash) by remounting a tmpfs\nfilesystem without specifying a required mpol (aka\nmempolicy) mount option. (bnc#806138)\n\nCVE-2013-1773: Buffer overflow in the VFAT filesystem\nimplementation in the Linux kernel before 3.3 allows local\nusers to gain privileges or cause a denial of service\n(system crash) via a VFAT write operation on a filesystem\nwith the utf8 mount option, which is not properly handled\nduring UTF-8 to UTF-16 conversion. (bnc#806977)\n\nCVE-2013-1774: The chase_port function in\ndrivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4\nallows local users to cause a denial of service (NULL\npointer dereference and system crash) via an attempted\n/dev/ttyUSB read or write operation on a disconnected\nEdgeport USB serial converter. (bnc#806976)\n\nCVE-2013-1792: Race condition in the install_user_keyrings\nfunction in security/keys/process_keys.c in the Linux kernel\nbefore 3.8.3 allows local users to cause a denial of service\n(NULL pointer dereference and system crash) via crafted\nkeyctl system calls that trigger keyring operations in\nsimultaneous threads. (bnc#808358)\n\nCVE-2013-1796: The kvm_set_msr_common function in\narch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does\nnot ensure a required time_page alignment during an\nMSR_KVM_SYSTEM_TIME operation, which allows guest OS users\nto cause a denial of service (buffer overflow and host OS\nmemory corruption) or possibly have unspecified other impact\nvia a crafted application. (bnc#806980)\n\nCVE-2013-1797: Use-after-free vulnerability in\narch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows\nguest OS users to cause a denial of service (host OS memory\ncorruption) or possibly have unspecified other impact via a\ncrafted application that triggers use of a guest physical\naddress (GPA) in (1) movable or (2) removable memory during\nan MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.\n(bnc#806980)\n\nCVE-2013-1798: The ioapic_read_indirect function in\nvirt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not\nproperly handle a certain combination of invalid\nIOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which\nallows guest OS users to obtain sensitive information from\nhost OS memory or cause a denial of service (host OS OOPS)\nvia a crafted application. (bnc#806980)\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel before\n3.5.4 allows local users to gain privileges or cause a\ndenial of service (NULL pointer dereference and system\ncrash) by leveraging the CAP_NET_ADMIN capability for a\ncertain (1) sender or (2) receiver getsockopt call.\n(bnc#811354)\n\nCVE-2013-1928: The do_video_set_spu_palette function in\nfs/compat_ioctl.c in the Linux kernel before 3.6.5 on\nunspecified architectures lacks a certain error check, which\nmight allow local users to obtain sensitive information from\nkernel stack memory via a crafted VIDEO_SET_SPU_PALETTE\nioctl call on a /dev/dvb device. (bnc#813735)\n\nCVE-2013-1943: The KVM subsystem in the Linux kernel before\n3.0 does not check whether kernel addresses are specified\nduring allocation of memory slots for use in a guests\nphysical address space, which allows local users to gain\nprivileges or obtain sensitive information from kernel\nmemory via a crafted application, related to\narch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.\n(bnc#828012)\n\nCVE-2013-2015: The ext4_orphan_del function in\nfs/ext4/namei.c in the Linux kernel before 3.7.3 does not\nproperly handle orphan-list entries for non-journal\nfilesystems, which allows physically proximate attackers to\ncause a denial of service (system hang) via a crafted\nfilesystem on removable media, as demonstrated by the\ne2fsprogs tests/f_orphan_extents_inode/image.gz test.\n(bnc#817377)\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in\nthe Linux kernel before 3.8.9 does not initialize a certain\ndata structure, which allows local users to obtain sensitive\ninformation from kernel memory via a crafted application\nthat makes a (1) tkill or (2) tgkill system call.\n(bnc#823267)\n\nCVE-2013-2147: The HP Smart Array controller disk-array\ndriver and Compaq SMART2 controller disk-array driver in the\nLinux kernel through 3.9.4 do not initialize certain data\nstructures, which allows local users to obtain sensitive\ninformation from kernel memory via (1) a crafted\nIDAGETPCIINFO command for a /dev/ida device, related to the\nida_locked_ioctl function in drivers/block/cpqarray.c or (2)\na crafted CCISS_PASSTHRU32 command for a /dev/cciss device,\nrelated to the cciss_ioctl32_passthru function in\ndrivers/block/cciss.c. (bnc#823260)\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in\ndrivers/cdrom/cdrom.c in the Linux kernel through 3.10\nallows local users to obtain sensitive information from\nkernel memory via a read operation on a malfunctioning\nCD-ROM drive. (bnc#824295)\n\nCVE-2013-2232: The ip6_sk_dst_check function in\nnet/ipv6/ip6_output.c in the Linux kernel before 3.10 allows\nlocal users to cause a denial of service (system crash) by\nusing an AF_INET6 socket for a connection to an IPv4\ninterface. (bnc#827750)\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2)\nkey_notify_policy_flush functions in net/key/af_key.c in the\nLinux kernel before 3.10 do not initialize certain structure\nmembers, which allows local users to obtain sensitive\ninformation from kernel heap memory by reading a broadcast\nmessage from the notify interface of an IPSec key_socket.\n(bnc#827749)\n\nCVE-2013-2237: The key_notify_policy_flush function in\nnet/key/af_key.c in the Linux kernel before 3.9 does not\ninitialize a certain structure member, which allows local\nusers to obtain sensitive information from kernel heap\nmemory by reading a broadcast message from the notify_policy\ninterface of an IPSec key_socket. (bnc#828119)\n\nCVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before\n3.8.4 does not initialize certain structures, which allows\nlocal users to obtain sensitive information from kernel\nstack memory via a crafted application. (bnc#810473)\n\nCVE-2013-2851: Format string vulnerability in the\nregister_disk function in block/genhd.c in the Linux kernel\nthrough 3.9.4 allows local users to gain privileges by\nleveraging root access and writing format string specifiers\nto /sys/module/md_mod/parameters/new_array in order to\ncreate a crafted /dev/md device name. (bnc#822575)\n\nCVE-2013-2852: Format string vulnerability in the\nb43_request_firmware function in\ndrivers/net/wireless/b43/main.c in the Broadcom B43 wireless\ndriver in the Linux kernel through 3.9.4 allows local users\nto gain privileges by leveraging root access and including\nformat string specifiers in an fwpostfix modprobe parameter,\nleading to improper construction of an error message.\n(bnc#822579)\n\nCVE-2013-2888: Multiple array index errors in\ndrivers/hid/hid-core.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11 allow physically\nproximate attackers to execute arbitrary code or cause a\ndenial of service (heap memory corruption) via a crafted\ndevice that provides an invalid Report ID. (bnc#835839)\n\nCVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface\nDevice (HID) subsystem in the Linux kernel through 3.11,\nwhen CONFIG_HID_ZEROPLUS is enabled, allows physically\nproximate attackers to cause a denial of service (heap-based\nout-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface\nDevice (HID) subsystem in the Linux kernel through 3.11,\nwhen CONFIG_HID_PANTHERLORD is enabled, allows physically\nproximate attackers to cause a denial of service (heap-based\nout-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2893: The Human Interface Device (HID) subsystem in\nthe Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,\nallows physically proximate attackers to cause a denial of\nservice (heap-based out-of-bounds write) via a crafted\ndevice, related to (1) drivers/hid/hid-lgff.c, (2)\ndrivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.\n(bnc#835839)\n\nCVE-2013-2897: Multiple array index errors in\ndrivers/hid/hid-multitouch.c in the Human Interface Device\n(HID) subsystem in the Linux kernel through 3.11, when\nCONFIG_HID_MULTITOUCH is enabled, allow physically proximate\nattackers to cause a denial of service (heap memory\ncorruption, or NULL pointer dereference and OOPS) via a\ncrafted device. (bnc#835839)\n\nCVE-2013-2929: The Linux kernel before 3.12.2 does not\nproperly use the get_dumpable function, which allows local\nusers to bypass intended ptrace restrictions or obtain\nsensitive information from IA64 scratch registers via a\ncrafted application, related to kernel/ptrace.c and\narch/ia64/include/asm/processor.h. (bnc#847652)\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c\nin the Linux kernel before 3.9-rc7 does not initialize a\ncertain length variable, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3223: The ax25_recvmsg function in\nnet/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3224: The bt_sock_recvmsg function in\nnet/bluetooth/af_bluetooth.c in the Linux kernel before\n3.9-rc7 does not properly initialize a certain length\nvariable, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg\nor recvfrom system call. (bnc#816668)\n\nCVE-2013-3225: The rfcomm_sock_recvmsg function in\nnet/bluetooth/rfcomm/sock.c in the Linux kernel before\n3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted recvmsg or recvfrom system\ncall. (bnc#816668)\n\nCVE-2013-3228: The irda_recvmsg_dgram function in\nnet/irda/af_irda.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3229: The iucv_sock_recvmsg function in\nnet/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3231: The llc_ui_recvmsg function in\nnet/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not\ninitialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3232: The nr_recvmsg function in\nnet/netrom/af_netrom.c in the Linux kernel before 3.9-rc7\ndoes not initialize a certain data structure, which allows\nlocal users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3234: The rose_recvmsg function in\nnet/rose/af_rose.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel before\n3.9-rc7 does not initialize a certain data structure and a\ncertain length variable, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-4345: Off-by-one error in the get_prng_bytes\nfunction in crypto/ansi_cprng.c in the Linux kernel through\n3.11.4 makes it easier for context-dependent attackers to\ndefeat cryptographic protection mechanisms via multiple\nrequests for small amounts of data, leading to improper\nmanagement of the state of the consumed data. (bnc#840226)\n\nCVE-2013-4470: The Linux kernel before 3.12, when UDP\nFragmentation Offload (UFO) is enabled, does not properly\ninitialize certain data structures, which allows local users\nto cause a denial of service (memory corruption and system\ncrash) or possibly gain privileges via a crafted application\nthat uses the UDP_CORK option in a setsockopt system call\nand sends both short and long packets, related to the\nip_ufo_append_data function in net/ipv4/ip_output.c and the\nip6_ufo_append_data function in net/ipv6/ip6_output.c.\n(bnc#847672)\n\nCVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in\nthe Linux kernel before 3.10 does not properly manage a\nreference count, which allows local users to cause a denial\nof service (memory consumption or system crash) via a\ncrafted application. (bnc#848321)\n\nCVE-2013-4511: Multiple integer overflows in Alchemy LCD\nframe-buffer drivers in the Linux kernel before 3.12 allow\nlocal users to create a read-write memory mapping for the\nentirety of kernel memory, and consequently gain privileges,\nvia crafted mmap operations, related to the (1)\nau1100fb_fb_mmap function in drivers/video/au1100fb.c and\nthe (2) au1200fb_fb_mmap function in\ndrivers/video/au1200fb.c. (bnc#849021)\n\nCVE-2013-4587: Array index error in the\nkvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in\nthe KVM subsystem in the Linux kernel through 3.12.5 allows\nlocal users to gain privileges via a large id value.\n(bnc#853050)\n\nCVE-2013-4588: Multiple stack-based buffer overflows in\nnet/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before\n2.6.33, when CONFIG_IP_VS is used, allow local users to gain\nprivileges by leveraging the CAP_NET_ADMIN capability for\n(1) a getsockopt system call, related to the\ndo_ip_vs_get_ctl function, or (2) a setsockopt system call,\nrelated to the do_ip_vs_set_ctl function. (bnc#851095)\n\nCVE-2013-4591: Buffer overflow in the\n__nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the\nLinux kernel before 3.7.2 allows local users to cause a\ndenial of service (memory corruption and system crash) or\npossibly have unspecified other impact via a getxattr system\ncall for the system.nfs4_acl extended attribute of a\npathname on an NFSv4 filesystem. (bnc#851103)\n\nCVE-2013-6367: The apic_get_tmcct function in\narch/x86/kvm/lapic.c in the KVM subsystem in the Linux\nkernel through 3.12.5 allows guest OS users to cause a\ndenial of service (divide-by-zero error and host OS crash)\nvia crafted modifications of the TMICT value. (bnc#853051)\n\nCVE-2013-6368: The KVM subsystem in the Linux kernel through\n3.12.5 allows local users to gain privileges or cause a\ndenial of service (system crash) via a VAPIC synchronization\noperation involving a page-end address. (bnc#853052)\n\nCVE-2013-6378: The lbs_debugfs_write function in\ndrivers/net/wireless/libertas/debugfs.c in the Linux kernel\nthrough 3.12.1 allows local users to cause a denial of\nservice (OOPS) by leveraging root privileges for a\nzero-length write operation. (bnc#852559)\n\nCVE-2013-6383: The aac_compat_ioctl function in\ndrivers/scsi/aacraid/linit.c in the Linux kernel before\n3.11.8 does not require the CAP_SYS_RAWIO capability, which\nallows local users to bypass intended access restrictions\nvia a crafted ioctl call. (bnc#852558)\n\nCVE-2014-1444: The fst_get_iface function in\ndrivers/net/wan/farsync.c in the Linux kernel before 3.11.7\ndoes not properly initialize a certain data structure, which\nallows local users to obtain sensitive information from\nkernel memory by leveraging the CAP_NET_ADMIN capability for\nan SIOCWANDEV ioctl call. (bnc#858869)\n\nCVE-2014-1445: The wanxl_ioctl function in\ndrivers/net/wan/wanxl.c in the Linux kernel before 3.11.7\ndoes not properly initialize a certain data structure, which\nallows local users to obtain sensitive information from\nkernel memory via an ioctl call. (bnc#858870)\n\nCVE-2014-1446: The yam_ioctl function in\ndrivers/net/hamradio/yam.c in the Linux kernel before 3.12.8\ndoes not initialize a certain structure member, which allows\nlocal users to obtain sensitive information from kernel\nmemory by leveraging the CAP_NET_ADMIN capability for an\nSIOCYAMGCFG ioctl call. (bnc#858872)\n\nAlso the following non-security bugs have been fixed :\n\n - x86: Clear HPET configuration registers on startup\n (bnc#748896).\n\n - sched: fix divide by zero in task_utime() (bnc#761774).\n\n - sched: Fix pick_next_highest_task_rt() for cgroups\n (bnc#760596).\n\n - mm: hugetlbfs: Close race during teardown of hugetlbfs\n shared page tables.\n\n - mm: hugetlbfs: Correctly detect if page tables have just\n been shared. (Fix bad PMD message displayed while using\n hugetlbfs (bnc#762366)).\n\n - cpumask: Partition_sched_domains takes array of\n cpumask_var_t (bnc#812364).\n\n - cpumask: Simplify sched_rt.c (bnc#812364).\n\n - kabi: protect bind_conflict callback in struct\n inet_connection_sock_af_ops (bnc#823618).\n\n - memcg: fix init_section_page_cgroup pfn alignment\n (bnc#835481).\n\n - tty: fix up atime/mtime mess, take three (bnc#797175).\n\n - tty: fix atime/mtime regression (bnc#815745).\n\n - ptrace: ptrace_resume() should not wake up !TASK_TRACED\n thread (bnc#804154).\n\n - kbuild: Fix gcc -x syntax (bnc#773831).\n\n - ftrace: Disable function tracing during suspend/resume\n and hibernation, again (bnc#768668). proc: fix\n pagemap_read() error case (bnc#787573).\n\n net: Upgrade device features irrespective of mask\n (bnc#715250).\n\n - tcp: bind() fix autoselection to share ports\n (bnc#823618).\n\n - tcp: bind() use stronger condition for bind_conflict\n (bnc#823618).\n\n - tcp: ipv6: bind() use stronger condition for\n bind_conflict (bnc#823618).\n\n - netfilter: use RCU safe kfree for conntrack extensions\n (bnc#827416).\n\n - netfilter: prevent race condition breaking net reference\n counting (bnc#835094).\n\n - netfilter: send ICMPv6 message on fragment reassembly\n timeout (bnc#773577).\n\n - netfilter: fix sending ICMPv6 on netfilter reassembly\n timeout (bnc#773577).\n\n - tcp_cubic: limit delayed_ack ratio to prevent divide\n error (bnc#810045). bonding: in balance-rr mode, set\n curr_active_slave only if it is up (bnc#789648).\n\n scsi: Add 'eh_deadline' to limit SCSI EH runtime\n (bnc#798050).\n\n - scsi: Allow error handling timeout to be specified\n (bnc#798050).\n\n - scsi: Fixup compilation warning (bnc#798050).\n\n - scsi: Retry failfast commands after EH (bnc#798050).\n\n - scsi: Warn on invalid command completion (bnc#798050).\n\n - scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n - scsi: kABI fixes (bnc#798050).\n\n - scsi: remove check for 'resetting' (bnc#798050).\n\n - scsi: Eliminate error handler overload of the SCSI\n serial number (bnc#798050).\n\n - scsi: Reduce error recovery time by reducing use of TURs\n (bnc#798050).\n\n - scsi: Reduce sequential pointer derefs in scsi_error.c\n and reduce size as well (bnc#798050).\n\n - scsi: cleanup setting task state in scsi_error_handler()\n (bnc#798050).\n\n - scsi: fix eh wakeup (scsi_schedule_eh vs\n scsi_restart_operations) (bnc#798050). scsi: fix id\n computation in scsi_eh_target_reset() (bnc#798050).\n\n advansys: Remove 'last_reset' references (bnc#798050).\n\n - dc395: Move 'last_reset' into internal host structure\n (bnc#798050).\n\n - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).\n\n - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset\n (bnc#798050).\n\n - fc class: fix scanning when devs are offline\n (bnc#798050). tmscsim: Move 'last_reset' into host\n structure (bnc#798050).\n\n st: Store page order before driver buffer allocation\n (bnc#769644).\n\n - st: Increase success probability in driver buffer\n allocation (bnc#769644). st: work around broken\n __bio_add_page logic (bnc#769644).\n\n avoid race by ignoring flush_time in cache_check\n (bnc#814363).\n\n writeback: remove the internal 5% low bound on\n dirty_ratio\n\n - writeback: skip balance_dirty_pages() for in-memory fs\n (Do not dirty throttle ram-based filesystems\n (bnc#840858)). writeback: Do not sync data dirtied after\n sync start (bnc#833820).\n\n blkdev_max_block: make private to fs/buffer.c\n (bnc#820338).\n\n - vfs: avoid 'attempt to access beyond end of device'\n warnings (bnc#820338). vfs: fix O_DIRECT read past end\n of block device (bnc#820338).\n\n lib/radix-tree.c: make radix_tree_node_alloc() work\n correctly within interrupt (bnc#763463).\n\n xfs: allow writeback from kswapd (bnc#826707).\n\n - xfs: skip writeback from reclaim context (bnc#826707).\n\n - xfs: Serialize file-extending direct IO (bnc#818371).\n\n - xfs: Avoid pathological backwards allocation\n (bnc#805945). xfs: fix inode lookup race (bnc#763463).\n\n cifs: clarify the meaning of tcpStatus == CifsGood\n (bnc#776024).\n\n cifs: do not allow cifs_reconnect to exit with NULL\n socket pointer (bnc#776024).\n\n ocfs2: Add a missing journal credit in\n ocfs2_link_credits() -v2 (bnc#773320).\n\n usb: Fix deadlock in hid_reset when Dell iDRAC is reset\n (bnc#814716).\n\n usb: xhci: Fix command completion after a drop endpoint\n (bnc#807320).\n\n netiucv: Hold rtnl between name allocation and device\n registration (bnc#824159).\n\n rwsem: Test for no active locks in __rwsem_do_wake undo\n code (bnc#813276).\n\n nfs: NFSv3/v2: Fix data corruption with NFS short reads\n (bnc#818337).\n\n - nfs: Allow sec=none mounts in certain cases\n (bnc#795354).\n\n - nfs: Make nfsiod a multi-thread queue (bnc#815352).\n\n - nfs: increase number of permitted callback connections\n (bnc#771706).\n\n - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).\n\n - nfs: do not allow TASK_KILLABLE sleeps to block the\n freezer (bnc#775182). nfs: Avoid race in d_splice_alias\n and vfs_rmdir (bnc#845028).\n\n svcrpc: take lock on turning entry NEGATIVE in\n cache_check (bnc#803320).\n\n - svcrpc: ensure cache_check caller sees updated entry\n (bnc#803320).\n\n - sunrpc/cache: remove races with queuing an upcall\n (bnc#803320).\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and\n correctly (bnc#803320).\n\n - sunrpc/cache: ensure items removed from cache do not\n have pending upcalls (bnc#803320).\n\n - sunrpc/cache: do not schedule update on cache item that\n has been replaced (bnc#803320). sunrpc/cache: fix test\n in try_to_negate (bnc#803320).\n\n xenbus: fix overflow check in xenbus_dev_write().\n\n - x86: do not corrupt %eip when returning from a signal\n handler.\n\n - scsiback/usbback: move cond_resched() invocations to\n proper place. netback: fix netbk_count_requests().\n\n dm: add dm_deleting_md function (bnc#785016).\n\n - dm: bind new table before destroying old (bnc#785016).\n\n - dm: keep old table until after resume succeeded\n (bnc#785016). dm: rename dm_get_table to\n dm_get_live_table (bnc#785016).\n\n drm/edid: Fix up partially corrupted headers\n (bnc#780004).\n\n drm/edid: Retry EDID fetch up to four times\n (bnc#780004).\n\n i2c-algo-bit: Fix spurious SCL timeouts under heavy load\n (bnc#780004).\n\n hpilo: remove pci_disable_device (bnc#752544).\n\n mptsas: handle 'Initializing Command Required' ASCQ\n (bnc#782178).\n\n mpt2sas: Fix race on shutdown (bnc#856917).\n\n ipmi: decrease the IPMI message transaction time in\n interrupt mode (bnc#763654).\n\n - ipmi: simplify locking (bnc#763654). ipmi: use a tasklet\n for handling received messages (bnc#763654).\n\n bnx2x: bug fix when loading after SAN boot (bnc#714906).\n\n bnx2x: previous driver unload revised (bnc#714906).\n\n ixgbe: Address fact that RSC was not setting GSO size\n for incoming frames (bnc#776144).\n\n ixgbe: pull PSRTYPE configuration into a separate\n function (bnc#780572 bnc#773640 bnc#776144).\n\n e1000e: clear REQ and GNT in EECD (82571 && 82572)\n (bnc#762099).\n\n hpsa: do not attempt to read from a write-only register\n (bnc#777473).\n\n aio: Fixup kABI for the aio-implement-request-batching\n patch (bnc#772849).\n\n - aio: bump i_count instead of using igrab (bnc#772849).\n aio: implement request batching (bnc#772849).\n\n Driver core: Do not remove kobjects in device_shutdown\n (bnc#771992).\n\n resources: fix call to alignf() in allocate_resource()\n (bnc#744955).\n\n - resources: when allocate_resource() fails, leave\n resource untouched (bnc#744955).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.novell.com/patch/finder/?keywords=36a4c03a7a6e23326bdc75867718c3f5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?499ef588\"\n );\n # http://download.novell.com/patch/finder/?keywords=78a90ce26186ad3c08d3168f7c56498f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6524481b\"\n );\n # http://download.novell.com/patch/finder/?keywords=92db776383896ad395b93d570e1b0440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3b1d361\"\n );\n # http://download.novell.com/patch/finder/?keywords=c00b87e84b1ec845f992a53432644809\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3327c148\"\n );\n # http://download.novell.com/patch/finder/?keywords=cebd648c35a6ff05d60a592debc063f7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85cb8767\"\n );\n # http://download.novell.com/patch/finder/?keywords=f67e971841459d6799882fcccab88393\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7458efe4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3593.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1601.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3375.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3430.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4565.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6539.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6540.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6542.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6545.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6548.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6549.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0268.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0310.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1767.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1773.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1792.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1796.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1798.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1928.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1943.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2147.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2634.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2852.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2889.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2897.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3222.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3223.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3224.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3225.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3228.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3229.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4483.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4587.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4588.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4591.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6367.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6368.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6378.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6383.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/714906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/715250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/735347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/744955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/745640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/748896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/752544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/754898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/760596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/761774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/762099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/762366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/763463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/763654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/767610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/767612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/768668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/769644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/769896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/770695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/771706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/771992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/772849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/774523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/775182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/777473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/782178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/785016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/786013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/787573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/787576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/789648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/789831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/795354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/797175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/798050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/800280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/801178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/802642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/803320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/804154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/804653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/807320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/808358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/808827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/811354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/812364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/814363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/814716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/815352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/815745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/816668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/817377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/818337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/818371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/820338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/822575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/822579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/825227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/826707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/833820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/840226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/840858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/845028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/847652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/847672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/848321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/849021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/851095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/851103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/852558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/852559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/856917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858872\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140287-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c7c0d67\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-kernel-8847 slessp1-kernel-8848\nslessp1-kernel-8849\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^1$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"btrfs-kmp-default-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"ext4dev-kmp-default-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"ext4dev-kmp-trace-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-source-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-syms-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.59-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:55", "bulletinFamily": "unix", "description": "[2.6.32-358.11.1]\n- [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}\n[2.6.32-358.10.1]\n- [scsi] be2iscsi : Fix the NOP-In handling code path (Nikola Pajkovsky) [955504 947550]\n- [scsi] be2iscsi: Fix memory leak in control path of driver (Rob Evers) [955504 947550]\n- [virt] kvm: validate userspace_addr of memslot (Petr Matousek) [950496 950498] {CVE-2013-1943}\n- [virt] kvm: fix copy to user with irq disabled (Michael S. Tsirkin) [949985 906602] {CVE-2013-1935}\n- [net] veth: Dont kfree_skb() after dev_forward_skb() (Jiri Benc) [957712 957713] {CVE-2013-2017}\n- [net] tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [954298 896233]\n- [net] tcp: take care of misalignments (Thomas Graf) [954298 896233]\n- [net] skbuff.c cleanup (Thomas Graf) [954298 896233]\n- [idle] intel_idle: Initialize driver_data correctly in ivb_cstates on IVB processor (Prarit Bhargava) [960864 953630]\n- [x86] Prevent panic in init_memory_mapping() when booting more than 1TB on AMD systems (Larry Woodman) [962482 869736]\n- [mm] enforce mmap_min_addr on x86_64 (Rik van Riel) [961431 790921]\n- [mm] optional next-fit policy for arch_get_unmapped_area (Rik van Riel) [961431 790921]\n- [mm] fix quadratic behaviour in get_unmapped_area_topdown (Rik van Riel) [961431 790921]\n- [scsi] Revert: qla2xxx: Optimize existing port name server query matching (Chad Dupuis) [950529 924804]\n- [scsi] Revert: qla2xxx: Avoid losing any fc ports when loop id's are exhausted (Chad Dupuis) [950529 924804]\n- [fs] defer do_filp_open() access checks to may_open() (Eric Sandeen) [928683 920752]\n- [md] dm thin: bump the target version numbers (Mike Snitzer) [924823 922931]\n- [md] dm-thin: fix discard corruption (Mike Snitzer) [924823 922931]\n- [md] persistent-data: rename node to btree_node (Mike Snitzer) [924823 922931]\n- [md] dm: fix limits initialization when there are no data devices (Mike Snitzer) [923096 908851]\n[2.6.32-358.9.1]\n- [fs] nfs: Fix handling of revoked delegations by setattr (Steve Dickson) [960415 952329]\n- [fs] nfs: Return the delegation if the server returns NFS4ERR_OPENMODE (Steve Dickson) [960415 952329]\n- [fs] nfs: Fix another potential state manager deadlock (Steve Dickson) [960436 950598]\n- [fs] nfs: Fix another open/open_recovery deadlock (Steve Dickson) [960433 916806]\n- [fs] nfs: Hold reference to layout hdr in layoutget (Steve Dickson) [960429 916726]\n- [fs] nfs: add 'pnfs_' prefix to get_layout_hdr() and put_layout_hdr() (Steve Dickson) [960429 916726]\n- [fs] nfs: nfs4_open_done first must check that GETATTR decoded a file type (Steve Dickson) [960412 916722]\n- [net] sunrpc: Dont start the retransmission timer when out of socket space (Steve Dickson) [960426 916735]\n- [fs] nfs: Dont use SetPageError in the NFS writeback code (Steve Dickson) [960420 912867]\n- [fs] nfs: Dont decode skipped layoutgets (Steve Dickson) [927294 904025]\n- [fs] nfs: nfs4_proc_layoutget returns void (Steve Dickson) [927294 904025]\n- [fs] nfs: defer release of pages in layoutget (Steve Dickson) [927294 904025]\n- [fs] nfs: Use kcalloc() when allocating arrays (Steve Dickson) [927294 904025]\n- [fs] nfs: Fix an ABBA locking issue with session and state serialisation (Steve Dickson) [960417 912842]\n- [fs] nfs: Fix a race in the pNFS return-on-close code (Steve Dickson) [960417 912842]\n- [fs] nfs: Do not accept delegated opens when a delegation recall is in effect (Steve Dickson) [960417 912842]\n- [fs] nfs: Fix a reboot recovery race when opening a file (Steve Dickson) [952613 908524]\n- [fs] nfs: Ensure delegation recall and byte range lock removal don't conflict (Steve Dickson) [952613 908524]\n- [fs] nfs: Fix up the return values of nfs4_open_delegation_recall (Steve Dickson) [952613 908524]\n- [fs] nfs: Dont lose locks when a server reboots during delegation return (Steve Dickson) [952613 908524]\n- [fs] nfs: Move nfs4_wait_clnt_recover and nfs4_client_recover_expired_lease (Steve Dickson) [952613 908524]\n- [fs] nfs: Add NFSDBG_STATE (Steve Dickson) [952613 908524]\n- [fs] nfs: nfs_inode_return_delegation() should always flush dirty data (Steve Dickson) [952613 908524]\n- [fs] nfs: nfs_client_return_marked_delegations cant flush data (Steve Dickson) [952613 908524]\n- [fs] nfs: Prevent deadlocks between state recovery and file locking (Steve Dickson) [952613 908524]\n- [fs] nfs: Allow the state manager to mark an open_owner as being recovered (Steve Dickson) [952613 908524]\n- [kernel] seqlock: Dont smp_rmb in seqlock reader spin loop (Steve Dickson) [952613 908524]\n- [kernel] seqlock: add 'raw_seqcount_begin()' function (Steve Dickson) [952613 908524]\n- [kernel] seqlock: optimise seqlock (Steve Dickson) [952613 908524]\n- [fs] nfs: don't allow nfs_find_actor to match inodes of the wrong type (Jeff Layton) [921964 913660]\n- [net] sunrpc: Add barriers to ensure read ordering in rpc_wake_up_task_queue_locked (Dave Wysochanski) [956979 840860]\n[2.6.32-358.8.1]\n- [fs] raw: don't call set_blocksize when not changing the blocksize (Jeff Moyer) [951406 909482]\n- [x86] Allow greater than 1TB of RAM on AMD x86_64 sytems (Larry Woodman) [952570 876275]\n- [netdrv] ixgbe: Only set gso_type to SKB_GSO_TCPV4 as RSC does not support IPv6 (Michael S. Tsirkin) [927292 908196]\n- [netdrv] bnx2x: set gso_type (Michael S. Tsirkin) [927292 908196]\n- [netdrv] qlcnic: set gso_type (Michael S. Tsirkin) [927292 908196]\n- [netdrv] ixgbe: fix gso type (Michael S. Tsirkin) [927292 908196]\n- [fs] gfs2: Allocate reservation structure before rename and link (Robert S Peterson) [924847 922999]\n[2.6.32-358.7.1]\n- [infiniband] ipoib: Add missing locking when CM object is deleted (Doug Ledford) [928817 913645]", "modified": "2013-06-11T00:00:00", "published": "2013-06-11T00:00:00", "id": "ELSA-2013-0911", "href": "http://linux.oracle.com/errata/ELSA-2013-0911.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:09", "bulletinFamily": "unix", "description": "[2.6.32-400.29.1]\n- KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943}\n- KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943}\n[2.6.32-400.28.1]\n- do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974]\n- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929}\n- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860}\n- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025]\n- sched: Fix ancient race in do_exit() (Joe Jin)\n- open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035]\n- block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542}\n- vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035]\n- xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568]\n- svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824]\n- mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}\n- ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}\n- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349}\n- dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827}\n- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774}\n- keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792}\n- KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}\n- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}\n[2.6.32-400.27.1]\n- net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547}\n- atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}\n- atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}\n- xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}\n- xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537}\n- xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}\n- xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}\n- llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542}\n- x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997]", "modified": "2013-06-11T00:00:00", "published": "2013-06-11T00:00:00", "id": "ELSA-2013-2534", "href": "http://linux.oracle.com/errata/ELSA-2013-2534.html", "title": "Unbreakable Enterprise kernel Security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1939-1\r\nSeptember 06, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nVasily Kulikov discovered a flaw in the Linux Kernel&#39;s perf tool that\r\nallows for privilege escalation. A local user could exploit this flaw to\r\nrun commands as root when using the perf tool.\r\n&#40;CVE-2013-1060&#41;\r\n\r\nMichael S. Tsirkin discovered a flaw in how the Linux kernel&#39;s KVM\r\nsubsystem allocates memory slots for the guest&#39;s address space. A local\r\nuser could exploit this flaw to gain system privileges or obtain sensitive\r\ninformation from kernel memory. &#40;CVE-2013-1943&#41;\r\n\r\nA flaw was discovered in the SCTP &#40;stream control transfer protocol&#41;\r\nnetwork protocol&#39;s handling of duplicate cookies in the Linux kernel. A\r\nremote attacker could exploit this flaw to cause a denial of service\r\n&#40;system crash&#41; on another remote user querying the SCTP connection.\r\n&#40;CVE-2013-2206&#41;\r\n\r\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the\r\nLinux kernel&#39;s IPv6 stack. A local user could exploit this flaw to cause a\r\ndenial of service &#40;system crash&#41;. &#40;CVE-2013-4162&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-51-386 2.6.32-51.113\r\n linux-image-2.6.32-51-generic 2.6.32-51.113\r\n linux-image-2.6.32-51-generic-pae 2.6.32-51.113\r\n linux-image-2.6.32-51-ia64 2.6.32-51.113\r\n linux-image-2.6.32-51-lpia 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-powerpc64-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-preempt 2.6.32-51.113\r\n linux-image-2.6.32-51-server 2.6.32-51.113\r\n linux-image-2.6.32-51-sparc64 2.6.32-51.113\r\n linux-image-2.6.32-51-sparc64-smp 2.6.32-51.113\r\n linux-image-2.6.32-51-versatile 2.6.32-51.113\r\n linux-image-2.6.32-51-virtual 2.6.32-51.113\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1939-1\r\n CVE-2013-1060, CVE-2013-1943, CVE-2013-2206, CVE-2013-4162\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-51.113\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2013-09-09T00:00:00", "published": "2013-09-09T00:00:00", "id": "SECURITYVULNS:DOC:29791", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29791", "title": "[USN-1939-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "description": "Privilege escalations, information leakages, DoS conditions.", "modified": "2013-10-28T00:00:00", "published": "2013-10-28T00:00:00", "id": "SECURITYVULNS:VULN:13265", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13265", "title": "Linux kernel mulriple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:56", "bulletinFamily": "unix", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel\u2019s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel\u2019s KVM subsystem allocates memory slots for the guest\u2019s address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol) network protocol\u2019s handling of duplicate cookies in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection. (CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel\u2019s IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162)", "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1939-1", "href": "https://usn.ubuntu.com/1939-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:50", "bulletinFamily": "unix", "description": "Vasily Kulikov discovered a flaw in the Linux Kernel\u2019s perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060)\n\nMichael S. Tsirkin discovered a flaw in how the Linux kernel\u2019s KVM subsystem allocates memory slots for the guest\u2019s address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943)\n\nA flaw was discovered in the SCTP (stream control transfer protocol) network protocol\u2019s handling of duplicate cookies in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection. (CVE-2013-2206)\n\nHannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel\u2019s IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162)", "modified": "2013-09-06T00:00:00", "published": "2013-09-06T00:00:00", "id": "USN-1940-1", "href": "https://usn.ubuntu.com/1940-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}