F5 Networks BIG-IP : Linux kernel vulnerability (K17241)
2015-09-09T00:00:00
ID: F5_BIGIP_SOL17241.NASL
Type: nessus
Reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-02T00:00:00
Description
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel
through 3.18.2 does not properly choose memory locations for the vDSO
area, which makes it easier for local users to bypass the ASLR
protection mechanism by guessing a location at the end of a PMD.
(CVE-2014-9585)
Impact
When exploited, a local authenticated user may be able to modify some
system files or information on an affected F5 system. However, the
local authenticated user cannot control which file or information can
be modified.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K17241.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
# Metadata pass: when `description` is set, this block only registers the
# plugin's attributes and then exits, so none of the check logic below runs.
if (description)
{
  # Plugin identity and revision.
  script_id(85856);
  script_version("2.7");
  script_cvs_date("Date: 2019/06/18 10:31:32");

  # Cross-references for the single issue this plugin covers.
  script_cve_id("CVE-2014-9585");
  script_bugtraq_id(71990);

  script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K17241)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");

  # Multi-line values start in column 0 on purpose: the line breaks inside
  # the quotes are part of the attribute text.
  script_set_attribute(
    attribute:"description",
    value:
"The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel
through 3.18.2 does not properly choose memory locations for the vDSO
area, which makes it easier for local users to bypass the ASLR
protection mechanism by guessing a location at the end of a PMD.
(CVE-2014-9585)
Impact
When exploited, a local authenticated user may be able to modify some
system files or information on an affected F5 system. However, the
local authenticated user cannot control which file or information can
be modified."
  );

  script_set_attribute(attribute:"see_also", value:"https://support.f5.com/csp/article/K17241");

  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K17241."
  );

  # CVSS v2 base vector: local access, low complexity, no authentication,
  # partial integrity impact only. Temporal vector: exploitability unproven,
  # official fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Flagged as a potential vulnerability: per script_summary the check is a
  # BIG-IP version comparison, not an inspection of the running kernel.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Products this finding is attributed to (one cpe attribute per product).
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  # Timeline: CVE publication, F5 advisory/patch, plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  # NOTE(review): f5_bigip_detect.nbin presumably populates the Host/BIG-IP/*
  # keys required below; confirm against that plugin.
  script_dependencies("f5_bigip_detect.nbin");

  # Settings/ParanoidReport is a required key, so the plugin is only
  # scheduled when paranoid reporting is enabled; the check body repeats
  # that gate with report_paranoia.
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}
include("f5_func.inc");
# Preconditions, checked in a fixed order so the first unmet one decides
# which audit message is reported. Each audit() call is relied on to end
# the script, as the one-line guards in the original form already did.

# Local (credentialed) checks must have succeeded on this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# No recorded BIG-IP version means the target is not treated as BIG-IP.
version = get_kb_item("Host/BIG-IP/version");
if (!version)
{
  audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
}

# The hotfix key is tested with isnull() rather than truthiness, so a
# present-but-empty or zero value still passes.
# NOTE(review): presumably because a base release reports hotfix 0; confirm.
if (isnull(get_kb_item("Host/BIG-IP/hotfix")))
{
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
}

if (!get_kb_item("Host/BIG-IP/modules"))
{
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
}

# Version-only finding: bail out unless the scan runs with paranoid
# reporting (report_paranoia of at least 2).
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# Advisory identifier and the (still empty) per-module version matrix that
# the statements below fill in and hand to bigip_is_affected().
sol = "K17241";
vmatrix = make_array();
# Version matrix for K17241. Every module keyed here carries the same data:
# affected ranges 11.6.0-11.6.1 and 11.0.0-11.5.4, first fixed releases
# 11.6.2 and 11.5.5 (the 11.x row of the advisory table).
#
# Coverage caveat: only these ten module keys are populated. The advisory
# text also lists Enterprise Manager 3.0.0 - 3.1.1 (no fixed release) and
# BIG-IQ 5.0.0 - 5.1.0 as vulnerable; neither is evaluated by this matrix.
foreach mod_name (make_list("AFM", "AM", "APM", "ASM", "AVR", "GTM", "LC", "LTM", "PEM", "WAM"))
{
  vmatrix[mod_name] = make_array();
  vmatrix[mod_name]["affected"  ] = make_list("11.6.0-11.6.1","11.0.0-11.5.4");
  vmatrix[mod_name]["unaffected"] = make_list("11.6.2","11.5.5");
}
# Verdict. bigip_is_affected() comes from f5_func.inc and is given the
# matrix and the advisory id; its internals are not visible in this file.
if (!bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  # Not affected: say which modules were actually compared, or report that
  # none of the modules in the matrix is present on the host.
  tested = bigip_get_tested_modules();
  if (!tested)
    audit(AUDIT_HOST_NOT, "running any of the affected modules");
  else
    audit(AUDIT_INST_VER_NOT_VULN, "For BIG-IP module(s) " + tested + ",", version);
}
else
{
  # Affected: raised through security_note() on port 0, with the generated
  # report text attached only when verbosity is above zero. The result is
  # inferred from version strings, so treat it as "patch missing" rather
  # than as confirmation that the weakness is reachable. Where no upgrade
  # is possible, K17241's stated mitigation is to keep management access on
  # a secure network and limit shell access to trusted users.
  if (report_verbosity > 0)
    security_note(port:0, extra:bigip_report_get());
  else
    security_note(0);
  exit(0);
}
{"id": "F5_BIGIP_SOL17241.NASL", "bulletinFamily": "scanner", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K17241)", "description": "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel\nthrough 3.18.2 does not properly choose memory locations for the vDSO\narea, which makes it easier for local users to bypass the ASLR\nprotection mechanism by guessing a location at the end of a PMD.\n(CVE-2014-9585)\n\nImpact\n\nWhen exploited, a local authenticated user may be able to modify some\nsystem files or information on an affected F5 system. However, the\nlocal authenticated user cannot control which file or information can\nbe modified.", "published": "2015-09-09T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/85856", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.f5.com/csp/article/K17241"], "cvelist": ["CVE-2014-9585"], "type": "nessus", "lastseen": "2021-01-01T01:58:15", "edition": 25, "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9585"]}, {"type": "f5", "idList": ["F5:K17241", "SOL17241"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2015-3041.NASL", "ORACLELINUX_ELSA-2015-3042.NASL", "ORACLELINUX_ELSA-2015-1081.NASL", "FEDORA_2015-0937.NASL", "ORACLEVM_OVMSA-2015-0069.NASL", "CENTOS_RHSA-2015-1081.NASL", "ORACLELINUX_ELSA-2015-3043.NASL", "SUSE_SU-2015-0178-1.NASL", "SL_20150609_KERNEL_ON_SL6_X.NASL", "REDHAT-RHSA-2015-1081.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1081", "ELSA-2015-3043", "ELSA-2015-3064", "ELSA-2015-3041", "ELSA-2015-1778", "ELSA-2015-3042"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123103", "OPENVAS:1361412562310123101", "OPENVAS:1361412562310850992", "OPENVAS:1361412562310882195", "OPENVAS:1361412562310123102", 
"OPENVAS:1361412562310871372", "OPENVAS:1361412562310871452", "OPENVAS:1361412562310882285", "OPENVAS:1361412562310123106", "OPENVAS:1361412562310123005"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0178-1", "OPENSUSE-SU-2015:0713-1", "OPENSUSE-SU-2015:0714-1", "SUSE-SU-2015:0652-1"]}, {"type": "redhat", "idList": ["RHSA-2015:1787", "RHSA-2015:1778", "RHSA-2015:1081", "RHSA-2015:1788"]}, {"type": "centos", "idList": ["CESA-2015:1778", "CESA-2015:1081"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14217", "SECURITYVULNS:DOC:31621", "SECURITYVULNS:VULN:14292", "SECURITYVULNS:DOC:31766"]}, {"type": "ubuntu", "idList": ["USN-2518-1", "USN-2515-2", "USN-2516-2", "USN-2517-1", "USN-2514-1", "USN-2516-3", "USN-2513-1", "USN-2515-1", "USN-2516-1"]}, {"type": "fedora", "idList": ["FEDORA:E1CE2605E17A", "FEDORA:92F5160877B4", "FEDORA:8EFBC604949F", "FEDORA:1661D600FD84", "FEDORA:4F15F6087C54"]}, {"type": "debian", "idList": ["DEBIAN:DLA-155-1:5E8B0", "DEBIAN:DSA-3170-1:F6570"]}], "modified": "2021-01-01T01:58:15", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-01-01T01:58:15", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17241.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85856);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/06/18 10:31:32\");\n\n script_cve_id(\"CVE-2014-9585\");\n script_bugtraq_id(71990);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K17241)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The vdso_addr function in arch/x86/vdso/vma.c 
in the Linux kernel\nthrough 3.18.2 does not properly choose memory locations for the vDSO\narea, which makes it easier for local users to bypass the ASLR\nprotection mechanism by guessing a location at the end of a PMD.\n(CVE-2014-9585)\n\nImpact\n\nWhen exploited, a local authenticated user may be able to modify some\nsystem files or information on an affected F5 system. However, the\nlocal authenticated user cannot control which file or information can\nbe modified.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17241\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17241.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17241\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# WAM\nvmatrix[\"WAM\"] = 
make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "naslFamily": "F5 Networks Local Security Checks", "pluginID": "85856", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:29", "description": "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.", "edition": 6, "cvss3": {}, "published": "2015-01-09T21:59:00", "title": "CVE-2014-9585", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9585"], "modified": "2020-05-21T20:35:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:linux:linux_kernel:3.18.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:suse:linux_enterprise_workstation_extension:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", 
"cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:opensuse:evergreen:11.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9585", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:22", "bulletinFamily": "software", "cvelist": ["CVE-2014-9585"], "description": "\nF5 Product Development has assigned ID 527563, ID 505679 (BIG-IP), ID 525391 (BIG-IQ), ID 525392 (Enterprise Manager), and INSTALLER-1302 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. 
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv2 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | Not applicable | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 | 11.6.2 \n11.5.5 \nEnterprise Manager | 3.x | 3.0.0 - 3.1.1 | None | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \n5.x | 5.0.0 - 5.1.0 | 5.2.0 \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv2 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-06-17T19:22:00", "published": "2015-09-08T19:41:00", "id": "F5:K17241", "href": "https://support.f5.com/csp/article/K17241", "title": "Linux kernel vulnerability CVE-2014-9585", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2016-09-26T17:22:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-9585"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. 
Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17241.html", "id": "SOL17241", "title": "SOL17241 - Linux kernel vulnerability CVE-2014-9585", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-12T10:13:11", "description": "The 3.18.3 update contains a number of important fixes across the\ntree. 
The 201 build should also fix most of the i915 issues seen in\ntesting on 3.18.2-200 The 3.18.2 kernel rebase contains several new\nfeatures as well as several fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-01-26T00:00:00", "title": "Fedora 21 : kernel-3.18.3-201.fc21 (2015-0937)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9585"], "modified": "2015-01-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-0937.NASL", "href": "https://www.tenable.com/plugins/nessus/80976", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0937.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80976);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9585\");\n script_bugtraq_id(71990);\n script_xref(name:\"FEDORA\", value:\"2015-0937\");\n\n script_name(english:\"Fedora 21 : kernel-3.18.3-201.fc21 (2015-0937)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.18.3 update contains a number of important fixes across the\ntree. 
The 201 build should also fix most of the i915 issues seen in\ntesting on 3.18.2-200 The 3.18.2 kernel rebase contains several new\nfeatures as well as several fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1181054\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cff980bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-3.18.3-201.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:50:23", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-68.3.2.el7uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226729] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: \n21225975] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225937] 
{CVE-2014-9419}", "edition": 23, "published": "2015-06-11T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3041)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-06-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.3.2.el6uek", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.3.2.el7uek"], "id": "ORACLELINUX_ELSA-2015-3041.NASL", "href": "https://www.tenable.com/plugins/nessus/84108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3041.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84108);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_bugtraq_id(71717, 71794, 71990);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-68.3.2.el7uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226729] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) 
[Orabug: \n21225975] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225937] {CVE-2014-9419}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005110.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.3.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-68.3.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3041\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.3.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-devel-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.3.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-68.3.2.el7uek-0.4.3-4.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-68.3.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-68.3.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-68.3.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-68.3.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-68.3.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-68.3.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:50:23", "description": 
"Description of changes:\n\n[2.6.39-400.250.5.el6uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226730] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: \n21225976] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419}\n\n[2.6.39-400.250.4.el6uek]\n- IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991]\n\n[2.6.39-400.250.3.el6uek]\n- af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: \n20604916] - scm: Capture the full credentials of the scm sender (Tim \nChen) [Orabug: 20604916] - af_unix: limit recursion level (Eric \nDumazet) [Orabug: 20604916] - af_unix: Allow credentials to work across \nuser and pid namespaces. (Eric W. Biederman) [Orabug: 20604916] - scm: \nCapture the full credentials of the scm sender. (Eric W. Biederman) \n[Orabug: 20604916] - BUG_ON(lockres->l_level != DLM_LOCK_EX \n!checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: \n20189959] - sched: Prevent divide by zero when cpu power calculation is \n0 (Todd Vierling) [Orabug: 17936435]", "edition": 23, "published": "2015-06-11T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3042)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-06-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3042.NASL", "href": "https://www.tenable.com/plugins/nessus/84109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3042.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84109);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_bugtraq_id(71717, 71794, 71990);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.250.5.el6uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226730] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: \n21225976] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419}\n\n[2.6.39-400.250.4.el6uek]\n- IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991]\n\n[2.6.39-400.250.3.el6uek]\n- af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: \n20604916] - scm: Capture the full credentials of the scm sender (Tim \nChen) [Orabug: 20604916] - af_unix: limit recursion level (Eric \nDumazet) [Orabug: 20604916] - af_unix: Allow credentials to work across \nuser and pid namespaces. (Eric W. Biederman) [Orabug: 20604916] - scm: \nCapture the full credentials of the scm sender. (Eric W. 
Biederman) \n[Orabug: 20604916] - BUG_ON(lockres->l_level != DLM_LOCK_EX \n!checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: \n20189959] - sched: Prevent divide by zero when cpu power calculation is \n0 (Todd Vierling) [Orabug: 17936435]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005114.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3042\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.250.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.250.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.250.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.250.5.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.250.5.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.250.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.250.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.250.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.250.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.250.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.250.5.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T13:23:32", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86_64, vdso: Fix the vdso address randomization\n algorithm (Andy Lutomirski) [Orabug: 21226729]\n (CVE-2014-9585)\n\n - isofs: Fix infinite looping over CE entries (Jan Kara)\n [Orabug: 21225975] (CVE-2014-9420)\n\n - x86_64, switch_to: Load TLS descriptors before switching\n DS and ES (Andy Lutomirski) [Orabug: 21225937]\n 
(CVE-2014-9419)\n\n - xen-netfront: use correct linear area after linearizing\n an skb (David Vrabel) [Orabug: 21209908] - sched:\n Prevent divide by zero when cpu power calculation is 0\n (Todd Vierling) [Orabug: 21123125]", "edition": 26, "published": "2015-06-12T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0069)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-06-12T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2015-0069.NASL", "href": "https://www.tenable.com/plugins/nessus/84141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0069.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84141);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_bugtraq_id(71717, 71794, 71990);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0069)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86_64, vdso: Fix the vdso address randomization\n algorithm (Andy Lutomirski) [Orabug: 21226729]\n (CVE-2014-9585)\n\n - isofs: Fix infinite looping over CE entries (Jan Kara)\n [Orabug: 21225975] (CVE-2014-9420)\n\n - x86_64, switch_to: Load TLS descriptors before switching\n DS and ES (Andy Lutomirski) [Orabug: 
21225937]\n (CVE-2014-9419)\n\n - xen-netfront: use correct linear area after linearizing\n an skb (David Vrabel) [Orabug: 21209908] - sched:\n Prevent divide by zero when cpu power calculation is 0\n (Todd Vierling) [Orabug: 21123125]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000315.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-68.3.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-68.3.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:50:24", "description": "Description of changes:\n\nkernel-uek\n[2.6.32-400.37.5.el6uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226731] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: \n21225977] {CVE-2014-9420}\n- x86_64, switch_to(): Load 
TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225939] {CVE-2014-9419}", "edition": 23, "published": "2015-06-11T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3043)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-06-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el6uekdebug", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el6uek", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el6uekdebug", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el6uek", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3043.NASL", "href": "https://www.tenable.com/plugins/nessus/84110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3043.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84110);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_bugtraq_id(71717, 71794, 71990);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3043)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.37.5.el6uek]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy \nLutomirski) [Orabug: 21226731] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: \n21225977] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES \n(Andy Lutomirski) [Orabug: 21225939] {CVE-2014-9419}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005116.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005117.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.5.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.5.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3043\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.37.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.37.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.37.5.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.37.5.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.37.5.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.5.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.5.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.5.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.5.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.37.5.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.5.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.5.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.5.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.5.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T05:05:31", "description": "Updated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. 
A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take\neffect.", "edition": 29, "published": "2015-06-10T00:00:00", "title": "RHEL 6 : kernel (RHSA-2015:1081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2015-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/84075", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1081. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84075);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n script_bugtraq_id(71717, 71794, 71990, 74235, 74951);\n script_xref(name:\"RHSA\", value:\"2015:1081\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:1081)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. 
A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take\neffect.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9420\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:1081\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-504.23.4.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n\n if 
(flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:22:21", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive\nvarious security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the\n Linux kernel through 3.17.2 did not properly maintain\n the semantics of rename_lock, which allowed local users\n to cause a denial of service (deadlock and system hang)\n via a crafted application (bnc#903640).\n\n - CVE-2014-9420: The rock_continue function in\n fs/isofs/rock.c in the Linux kernel through 3.18.1 did\n not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of\n service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#906545 911325).\n\n - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem\n in the Linux kernel before 3.17.2 on Intel processors\n did not ensure that the value in the CR4 control\n register remained the same after a VM entry, which\n allowed host OS users to kill arbitrary processes or\n cause a denial of service (system disruption) by\n leveraging /dev/kvm access, as demonstrated by\n PR_SET_TSC prctl calls within a modified copy of QEMU\n (bnc#902232).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function\n in net/sctp/associola.c in the SCTP implementation in\n the Linux kernel through 3.17.2 allowed remote attackers\n to cause a denial of service (panic) via duplicate\n ASCONF chunks that triggered an incorrect uncork within\n the side-effect interpreter 
(bnc#902349).\n\n - CVE-2014-9585: The vdso_addr function in\n arch/x86/vdso/vma.c in the Linux kernel through 3.18.2\n did not properly choose memory locations for the vDSO\n area, which made it easier for local users to bypass the\n ASLR protection mechanism by guessing a location at the\n end of a PMD (bnc#912705).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0178-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-8559", "CVE-2014-3690", "CVE-2014-9585", "CVE-2014-3687"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-devel"], "id": "SUSE_SU-2015-0178-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83678", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0178-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83678);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3687\", \"CVE-2014-3690\", \"CVE-2014-8559\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_bugtraq_id(70691, 70766, 70854, 71717, 71990);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0178-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive\nvarious security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the\n Linux kernel through 3.17.2 did not properly maintain\n the semantics of rename_lock, which allowed local users\n to cause a denial of service (deadlock and system hang)\n via a crafted application (bnc#903640).\n\n - CVE-2014-9420: The rock_continue function in\n fs/isofs/rock.c in the Linux kernel through 3.18.1 did\n not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of\n service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#906545 911325).\n\n - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem\n in the Linux kernel before 3.17.2 on Intel processors\n did not ensure that the value in the CR4 control\n register remained the same after a VM entry, which\n allowed host OS users to kill 
arbitrary processes or\n cause a denial of service (system disruption) by\n leveraging /dev/kvm access, as demonstrated by\n PR_SET_TSC prctl calls within a modified copy of QEMU\n (bnc#902232).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function\n in net/sctp/associola.c in the SCTP implementation in\n the Linux kernel through 3.17.2 allowed remote attackers\n to cause a denial of service (panic) via duplicate\n ASCONF chunks that triggered an incorrect uncork within\n the side-effect interpreter (bnc#902349).\n\n - CVE-2014-9585: The vdso_addr function in\n arch/x86/vdso/vma.c in the Linux kernel through 3.18.2\n did not properly choose memory locations for the vDSO\n area, which made it easier for local users to bypass the\n ASLR protection mechanism by guessing a location at the\n end of a PMD (bnc#912705).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=800255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=809493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=829110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=856659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=862374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=873252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=875220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895814\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907536\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=910249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-9420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9585/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150178-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f92c399\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-48\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-48\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-48\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-48\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-48\n\nSUSE Linux Enterprise Build System Kit 12 :\n\nzypper in -t patch SUSE-SLE-BSK-12-2015-48\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"kernel-default-debugsource-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.36-38.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.36-38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:48:47", "description": "* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. 
(CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. 
(CVE-2014-9585, Low)\n\nThe system must be rebooted for this update to take effect.", "edition": 16, "published": "2015-06-10T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "modified": "2015-06-10T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf"], "id": "SL_20150609_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84078);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 
(20150609)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. 
A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=5447\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8604f960\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-504.23.4.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:10", "description": "Updated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. 
A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. The system must be rebooted for this update to take\neffect.", "edition": 29, "published": "2015-06-11T00:00:00", "title": "CentOS 6 : kernel (CESA-2015:1081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "modified": "2015-06-11T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2015-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/84091", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1081 and \n# CentOS Errata and Security Advisory 2015:1081 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84091);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n script_bugtraq_id(71717, 71794, 71990, 74235, 74951);\n script_xref(name:\"RHSA\", value:\"2015:1081\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2015:1081)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. 
(CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1cf05d0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3331\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:57", "description": "From Red Hat Security Advisory 2015:1081 :\n\nUpdated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise 
Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. 
(CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. The system must be rebooted for this update to take\neffect.", "edition": 26, "published": "2015-06-10T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2015-1081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "modified": "2015-06-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2015-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/84073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1081 and \n# Oracle Linux Security Advisory ELSA-2015-1081 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(84073);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n script_bugtraq_id(71717, 71794, 71990, 73060, 74235, 74951);\n script_xref(name:\"RHSA\", value:\"2015:1081\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2015-1081)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1081 :\n\nUpdated kernel packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe\nread and write functionality did not take into account the I/O vectors\nthat were already processed when retrying after a failed atomic access\noperation, potentially resulting in memory corruption due to an I/O\nvector array overrun. A local, unprivileged user could use this flaw\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-1805, Important)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode\ndecryption functionality handled fragmented packets. 
A remote attacker\ncould use this flaw to crash, or potentially escalate their privileges\non, a system over a connection with an active AES-GCM mode IPSec\nsecurity association. (CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel\nchanged certain segment registers and thread-local storage (TLS)\nduring a context switch. A local, unprivileged user could use this\nflaw to leak the user space TLS base address of an arbitrary process.\n(CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation\ndid not correctly limit the traversal of Rock Ridge extension\nContinuation Entries (CE). An attacker with physical access to the\nsystem could use this flaw to trigger an infinite loop in the kernel,\nresulting in a denial of service. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's\nVirtual Dynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005105.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-1081\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-504.23.4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-504.23.4.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "kernel-uek\n[2.6.32-400.37.5]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226731] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225977] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225939] {CVE-2014-9419}", "edition": 4, "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "ELSA-2015-3043", "href": "http://linux.oracle.com/errata/ELSA-2015-3043.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "[2.6.39-400.250.5]\n- x86_64, vdso: Fix the vdso address 
randomization algorithm (Andy Lutomirski) [Orabug: 21226730] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225976] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419}\n[2.6.39-400.250.4]\n- IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991]\n[2.6.39-400.250.3]\n- af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: 20604916] \n- scm: Capture the full credentials of the scm sender (Tim Chen) [Orabug: 20604916] \n- af_unix: limit recursion level (Eric Dumazet) [Orabug: 20604916] \n- af_unix: Allow credentials to work across user and pid namespaces. (Eric W. Biederman) [Orabug: 20604916] \n- scm: Capture the full credentials of the scm sender. (Eric W. Biederman) [Orabug: 20604916] \n- BUG_ON(lockres->l_level != DLM_LOCK_EX && !checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: 20189959] \n- sched: Prevent divide by zero when cpu power calculation is 0 (Todd Vierling) [Orabug: 17936435]", "edition": 4, "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": "ELSA-2015-3042", "href": "http://linux.oracle.com/errata/ELSA-2015-3042.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "kernel-uek\n[3.8.13-68.3.2]\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226729] {CVE-2014-9585}\n- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225975] {CVE-2014-9420}\n- x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225937] {CVE-2014-9419}", "edition": 4, "modified": "2015-06-10T00:00:00", "published": "2015-06-10T00:00:00", "id": 
"ELSA-2015-3041", "href": "http://linux.oracle.com/errata/ELSA-2015-3041.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-8159", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "description": "[2.6.32-504.23.4]\n- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]\n- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]\n[2.6.32-504.23.3]\n- [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856]\n- [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856]\n- [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]\n- [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]\n- [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856]\n- [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856]\n[2.6.32-504.23.2]\n- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805}\n[2.6.32-504.23.1]\n- [x86] crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations (Herbert Xu) [1218681 1201490]\n- [scsi] storvsc: ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1215754 1171676]\n- [scsi] storvsc: get rid of overly verbose warning messages (Vitaly Kuznetsov) [1215753 1167967]\n- [scsi] storvsc: NULL pointer dereference fix (Vitaly Kuznetsov) [1215753 1167967]\n- [netdrv] ixgbe: fix detection of SFP+ capable interfaces (John Greene) [1213664 1150343]\n- [x86] crypto: aesni - fix memory usage in GCM decryption 
(Kurt Stutsman) [1213329 1213330] {CVE-2015-3331}\n[2.6.32-504.22.1]\n- [kernel] hrtimer: Prevent hrtimer_enqueue_reprogram race (Prarit Bhargava) [1211940 1136958]\n- [kernel] hrtimer: Preserve timer state in remove_hrtimer() (Prarit Bhargava) [1211940 1136958]\n- [crypto] testmgr: fix RNG return code enforcement (Herbert Xu) [1212695 1208804]\n- [net] netfilter: xtables: make use of caller family rather than target family (Florian Westphal) [1212057 1210697]\n- [net] dynticks: avoid flow_cache_flush() interrupting every core (Marcelo Leitner) [1210595 1191559]\n- [tools] perf: Fix race in build_id_cache__add_s() (Milos Vyletel) [1210593 1204102]\n- [infiniband] ipath+qib: fix dma settings (Doug Ledford) [1208621 1171803]\n- [fs] dcache: return -ESTALE not -EBUSY on distributed fs race (J. Bruce Fields) [1207815 1061994]\n- [net] neigh: Keep neighbour cache entries if number of them is small enough (Jiri Pirko) [1207352 1199856]\n- [x86] crypto: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1204736 1201560]\n- [scsi] qla2xxx: fix race in handling rport deletion during recovery causes panic (Chad Dupuis) [1203544 1102902]\n- [redhat] configs: Enable SSSE3 acceleration by default (Herbert Xu) [1201668 1036216]\n- [crypto] sha512: Create module providing optimized SHA512 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX2 RORX instruction (Herbert Xu) [1201668 1036216]\n- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha512: Expose generic sha512 routine to be callable from other modules (Herbert Xu) [1201668 1036216]\n- [crypto] sha256: Create module providing optimized SHA256 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]\n- [crypto] 
sha256: Optimized sha256 x86_64 routine using AVX2's RORX instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha256: Optimized sha256 x86_64 assembly routine with AVX instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha256: Optimized sha256 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]\n- [crypto] sha256: Expose SHA256 generic routine to be callable externally (Herbert Xu) [1201668 1036216]\n- [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1201669 1199230]\n- [fs] isofs: infinite loop in CE record entries (Jacob Tanenbaum) [1175243 1175245] {CVE-2014-9420}\n- [x86] vdso: ASLR bruteforce possible for vdso library (Jacob Tanenbaum) [1184896 1184897] {CVE-2014-9585}\n- [kernel] time: ntp: Correct TAI offset during leap second (Prarit Bhargava) [1201674 1199134]\n- [scsi] lpfc: correct device removal deadlock after link bounce (Rob Evers) [1211910 1194793]\n- [scsi] lpfc: Linux lpfc driver doesn't re-establish the link after a cable pull on LPe12002 (Rob Evers) [1211910 1194793]\n- [x86] switch_to(): Load TLS descriptors before switching DS and ES (Denys Vlasenko) [1177353 1177354] {CVE-2014-9419}\n- [net] vlan: Don't propagate flag changes on down interfaces (Jiri Pirko) [1173501 1135347]\n- [net] bridge: register vlan group for br ports (Jiri Pirko) [1173501 1135347]\n- [netdrv] tg3: Use new VLAN code (Jiri Pirko) [1173501 1135347]\n- [netdrv] be2net: move to new vlan model (Jiri Pirko) [1173501 1135347]\n- [net] vlan: mask vlan prio bits (Jiri Pirko) [1173501 1135347]\n- [net] vlan: don't deliver frames for unknown vlans to protocols (Jiri Pirko) [1173501 1135347]\n- [net] vlan: allow nested vlan_do_receive() (Jiri Pirko) [1173501 1135347]\n- [net] allow vlan traffic to be received under bond (Jiri Pirko) [1173501 1135347]\n- [net] vlan: goto another_round instead of calling __netif_receive_skb (Jiri Pirko) [1173501 1135347]\n- [net] bonding: fix bond_arp_rcv setting and arp validate desync 
state (Jiri Pirko) [1173501 1135347]\n- [net] bonding: remove packet cloning in recv_probe() (Jiri Pirko) [1173501 1135347]\n- [net] bonding: Fix LACPDU rx_dropped commit (Jiri Pirko) [1173501 1135347]\n- [net] bonding: don't increase rx_dropped after processing LACPDUs (Jiri Pirko) [1173501 1135347]\n- [net] bonding: use local function pointer of bond->recv_probe in bond_handle_frame (Jiri Pirko) [1173501 1135347]\n- [net] bonding: move processing of recv handlers into handle_frame() (Jiri Pirko) [1173501 1135347]\n- [netdrv] revert 'bonding: fix bond_arp_rcv setting and arp validate desync state' (Jiri Pirko) [1173501 1135347]\n- [netdrv] revert 'bonding: check for vlan device in bond_3ad_lacpdu_recv()' (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Always untag vlan-tagged traffic on input (Jiri Pirko) [1173501 1135347]\n- [net] Make skb->skb_iif always track skb->dev (Jiri Pirko) [1173501 1135347]\n- [net] vlan: fix a potential memory leak (Jiri Pirko) [1173501 1135347]\n- [net] vlan: fix mac_len recomputation in vlan_untag() (Jiri Pirko) [1173501 1135347]\n- [net] vlan: reset headers on accel emulation path (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Fix the ingress VLAN_FLAG_REORDER_HDR check (Jiri Pirko) [1173501 1135347]\n- [net] vlan: make non-hw-accel rx path similar to hw-accel (Jiri Pirko) [1173501 1135347]\n- [net] allow handlers to be processed for orig_dev (Jiri Pirko) [1173501 1135347]\n- [net] bonding: get netdev_rx_handler_unregister out of locks (Jiri Pirko) [1173501 1135347]\n- [net] bonding: fix rx_handler locking (Jiri Pirko) [1173501 1135347]\n- [net] introduce rx_handler results and logic around that (Jiri Pirko) [1173501 1135347]\n- [net] bonding: register slave pointer for rx_handler (Jiri Pirko) [1173501 1135347]\n- [net] bonding: COW before overwriting the destination MAC address (Jiri Pirko) [1173501 1135347]\n- [net] bonding: convert bonding to use rx_handler (Jiri Pirko) [1173501 1135347]\n- [net] openvswitch: use rx_handler_data 
pointer to store vport pointer (Jiri Pirko) [1173501 1135347]\n- [net] add a synchronize_net() in netdev_rx_handler_unregister() (Jiri Pirko) [1173501 1135347]\n- [net] add rx_handler data pointer (Jiri Pirko) [1173501 1135347]\n- [net] replace hooks in __netif_receive_skb (Jiri Pirko) [1173501 1135347]\n- [net] fix conflict between null_or_orig and null_or_bond (Jiri Pirko) [1173501 1135347]\n- [net] remove the unnecessary dance around skb_bond_should_drop (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bonding: fix receiving of dups due vlan hwaccel' (Jiri Pirko) [1173501 1135347]\n- [net] uninline skb_bond_should_drop() (Jiri Pirko) [1173501 1135347]\n- [net] bridge: Set vlan_features to allow offloads on vlans (Jiri Pirko) [1173501 1135347]\n- [net] bridge: convert br_features_recompute() to ndo_fix_features (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bridge: explictly tag vlan-accelerated frames destined to the host' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'fix vlan gro path' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bridge: do not learn from exact matches' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bridge gets duplicate packets when using vlan over bonding' (Jiri Pirko) [1173501 1135347]\n- [net] llc: remove noisy WARN from llc_mac_hdr_init (Jiri Pirko) [1173501 1135347]\n- [net] bridge: stp: ensure mac header is set (Jiri Pirko) [1173501 1135347]\n- [net] vlan: remove reduntant check in ndo_fix_features callback (Jiri Pirko) [1173501 1135347]\n- [net] vlan: enable soft features regardless of underlying device (Jiri Pirko) [1173501 1135347]\n- [net] vlan: don't call ndo_vlan_rx_register on hardware that doesn't have vlan support (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Fix vlan_features propagation (Jiri Pirko) [1173501 1135347]\n- [net] vlan: convert VLAN devices to use ndo_fix_features() (Jiri Pirko) [1173501 1135347]\n- [net] revert 'vlan: Avoid broken offload configuration when reorder_hdr is disabled' (Jiri Pirko) [1173501 
1135347]\n- [net] vlan: vlan device is lockless do not transfer real_num_\n_queues (Jiri Pirko) [1173501 1135347]\n- [net] vlan: consolidate 8021q tagging (Jiri Pirko) [1173501 1135347]\n- [net] propagate NETIF_F_HIGHDMA to vlans (Jiri Pirko) [1173501 1135347]\n- [net] Fix a memmove bug in dev_gro_receive() (Jiri Pirko) [1173501 1135347]\n- [net] vlan: remove check for headroom in vlan_dev_create (Jiri Pirko) [1173501 1135347]\n- [net] vlan: set hard_header_len when VLAN offload features are toggled (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Calling vlan_hwaccel_do_receive() is always valid (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Centralize handling of hardware acceleration (Jiri Pirko) [1173501 1135347]\n- [net] vlan: finish removing vlan_find_dev from public header (Jiri Pirko) [1173501 1135347]\n- [net] vlan: make vlan_find_dev private (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Avoid hash table lookup to find group (Jiri Pirko) [1173501 1135347]\n- [net] revert 'vlan: Add helper functions to manage vlans on bonds and slaves' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bonding: assign slaves their own vlan_groups' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bonding: fix regression on vlan module removal' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bonding: Always add vid to new slave group' (Jiri Pirko) [1173501 1135347]\n- [net] revert 'bonding: Fix up refcounting issues with bond/vlan config' (Jiri Pirko) [1173501 1135347]\n- [net] revert '8021q/vlan: filter device events on bonds' (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Use vlan_dev_real_dev in vlan_hwaccel_do_receive (Jiri Pirko) [1173501 1135347]\n- [net] gro: __napi_gro_receive() optimizations (Jiri Pirko) [1173501 1135347]\n- [net] vlan: Rename VLAN_GROUP_ARRAY_LEN to VLAN_N_VID (Jiri Pirko) [1173501 1135347]\n- [net] vlan: make vlan_hwaccel_do_receive() return void (Jiri Pirko) [1173501 1135347]\n- [net] vlan: init_vlan should not copy slave or master flags (Jiri Pirko) 
[1173501 1135347]\n- [net] vlan: updates vlan real_num_tx_queues (Jiri Pirko) [1173501 1135347]\n- [net] vlan: adds vlan_dev_select_queue (Jiri Pirko) [1173501 1135347]\n- [net] llc: use dev_hard_header (Jiri Pirko) [1173501 1135347]\n- [net] vlan: support 'loose binding' to the underlying network device (Jiri Pirko) [1173501 1135347]\n- [net] revert 'net: don't set VLAN_TAG_PRESENT for VLAN 0 frames' (Jiri Pirko) [1173501 1135347]\n- [net] bridge: Add support for TX vlan offload (Jiri Pirko) [1173562 1146391]\n- [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991]\n[2.6.32-504.21.1]\n- [netdrv] ixgbe: Fix memory leak in ixgbe_free_q_vector, missing rcu (John Greene) [1210901 1150343]\n- [netdrv] ixgbe: Fix tx_packets and tx_bytes stats not updating (John Greene) [1210901 1150343]\n- [netdrv] qlcnic: Fix update of ethtool stats (Chad Dupuis) [1210902 1148019]\n[2.6.32-504.20.1]\n- [fs] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() (Petr Oros) [1208620 1169225]\n- [kernel] cgroup: always lock threadgroup during migration (Petr Oros) [1208620 1169225]\n- [kernel] threadgroup: extend threadgroup_lock() to cover exit and exec (Petr Oros) [1208620 1169225]\n- [kernel] threadgroup: rename signal->threadgroup_fork_lock to ->group_rwsem (Petr Oros) [1208620 1169225]\n[2.6.32-504.19.1]\n- [mm] memcg: fix crash in re-entrant cgroup_clear_css_refs() (Johannes Weiner) [1204626 1168185]\n[2.6.32-504.18.1]\n- [fs] cifs: Use key_invalidate instead of the rh_key_invalidate() (Sachin Prabhu) [1203366 885899]\n- [fs] KEYS: Add invalidation support (Sachin Prabhu) [1203366 885899]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}\n[2.6.32-504.17.1]\n- [x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal() (Oleg Nesterov) [1199900 1196262]\n- [x86] fpu: change save_i387_xstate() to rely on unlazy_fpu() (Oleg Nesterov) 
[1199900 1196262]", "edition": 72, "modified": "2015-06-09T00:00:00", "published": "2015-06-09T00:00:00", "id": "ELSA-2015-1081", "href": "http://linux.oracle.com/errata/ELSA-2015-1081.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-0239", "CVE-2015-3636", "CVE-2014-9585"], "description": "kernel-uek\r\n[3.8.13-98]\r\n- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502729] {CVE-2015-0239} {CVE-2015-0239}\r\n- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502159] {CVE-2015-3339}\r\n \n[3.8.13-97]\r\n- add ql2400, ql2500 firmware versions to prerequisites (Dan Duval) [Orabug: 21474929] \r\n- correct QLogic firmware dependencies in the spec file (Dan Duval) [Orabug: 21474929]\r\n \n[3.8.13-96]\r\n- xen-blkfront: don't add indirect page to list when !feature_persistent (Bob Liu) [Orabug: 21459266]\r\n \n[3.8.13-95]\r\n- add firmware dependencies to spec files (Dan Duval) [Orabug: 21417522]\r\n \n[3.8.13-94]\r\n- ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444784] {CVE-2015-2922}\r\n- ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. 
Miller) [Orabug: 21444685] {CVE-2015-3636}\r\n \n[3.8.13-93]\r\n- config: sync up config files to make build clean (Guangyu Sun) [Orabug: 21425838] \r\n- acpi: fix typo in drivers/acpi/osl.c (Guangyu Sun) [Orabug: 21418329]\r\n \n[3.8.13-92]\r\n- Revert 'i40e: Add support for getlink, setlink ndo ops' (Brian Maly) [Orabug: 21314906] \r\n- x86: Do not try to sync identity map for non-mapped pages (Dave Hansen) [Orabug: 21326516]\r\n \n[3.8.13-91]\r\n- rds: re-entry of rds_ib_xmit/rds_iw_xmit (Wengang Wang) [Orabug: 21324074] \r\n- drm/mgag200: Reject non-character-cell-aligned mode widths (Adam Jackson) [Orabug: 20868823] \r\n- drm/mgag200: fix typo causing bw limits to be ignored on some chips (Dave Airlie) [Orabug: 20868823] \r\n- drm/mgag200: remove unused driver_private access (David Herrmann) [Orabug: 20868823] \r\n- drm/mgag200: Invalidate page tables when pinning a BO (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix LUT programming for 16bpp (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix framebuffer pitch calculation (Takashi Iwai) [Orabug: 20868823] \r\n- drm/mgag200: Add sysfs support for connectors (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Add an crtc_disable callback to the crtc helper funcs (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix logic in mgag200_bo_pin() (v2) (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: inline reservations (Maarten Lankhorst) [Orabug: 20868823] \r\n- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (Maarten Lankhorst) [Orabug: 20868823] \r\n- drm/mgag200: Added resolution and bandwidth limits for various G200e products. 
(Julia Lemire) [Orabug: 20868823] \r\n- drm/mgag200: Reject modes that are too big for VRAM (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Don't do full cleanup if mgag200_device_init fails (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Hardware cursor support (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Add missing write to index before accessing data register (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Fix framebuffer base address programming (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Convert counter delays to jiffies (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Don't change unrelated registers during modeset (Christopher Harvey) [Orabug: 20868823] \r\n- Revert 'lpfc: Fix for lun discovery issue with 8Gig adapter.' (Guru Anbalagane) [Orabug: 21304962]\r\n \n[3.8.13-90]\r\n- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830}\r\n- Update patched for lpfc from 10.6.61.0 to 10.6.61.1 for UEK R3 U6 release. (Dick Kennedy) \r\n- lpfc: Change buffer pool empty message to miscellaneous category (Dick Kennedy) \r\n- lpfc: Fix incorrect log message reported for empty FCF record. (Dick Kennedy) \r\n- lpfc: Fix rport leak. (Dick Kennedy) \r\n- lpfc: Correct loss of RSCNs during array takeaway/giveback testing. (Dick Kennedy) \r\n- lpfc: Fix crash in vport_delete. (Dick Kennedy) \r\n- lpfc: Fix to remove IRQF_SHARED flag for MSI/MSI-X vectors. (Dick Kennedy) \r\n- lpfc: Fix discovery issue when changing from Pt2Pt to Fabric. (Dick Kennedy) \r\n- lpfc: Correct reporting of vport state on fdisc command failure. (Dick Kennedy) \r\n- lpfc: Add support for RDP ELS command. 
(Dick Kennedy) \r\n- lpfc: Fix ABORTs WQ selection in terminate_rport_io (Dick Kennedy) \r\n- lpfc: Correct reference counting of rport (Dick Kennedy) \r\n- lpfc: Add support for ELS LCB. (Dick Kennedy) \r\n- lpfc: Correct loss of target discovery after cable swap. (Dick Kennedy) \r\n- dtrace: sigaltstack is no longer a stub syscall (Kris Van Hees) [Orabug: 21304183] \r\n- hpsa: add in new offline mode (Don Brace) [Orabug: 21289871] \r\n- hpsa: add in new controllers (Don Brace) [Orabug: 21289871] \r\n- hpsa: hpsa decode sense data for io and tmf (Don Brace) [Orabug: 21289871] \r\n- hpsa: enable bus mastering during init (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance kdump (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance error checking. (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance driver output (Don Brace) [Orabug: 21289871] \r\n- hpsa: update pci device table (Don Brace) [Orabug: 21289871] \r\n- vmw_pvscsi: Fix pvscsi_abort() function. (Arvind Kumar) [Orabug: 21266080] \r\n- qla2xxx: Update driver version to 8.07.00.18.39.0-k. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Restore physical port WWPN only, when port down detected for FA-WWPN port. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Fix virtual port configuration, when switch port is disabled/enabled. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Prevent multiple firmware dump collection for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Disable Interrupt handshake for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add debugging info for MBX timeout. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add serdes read/write support for ISP27XX (Andrew Vasquez) [Orabug: 21241070] \r\n- qla2xxx: Add udev notification to save fw dump for ISP27XX (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add message for sucessful FW dump collected for ISP27XX. 
(Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add support to load firmware from file for ISP 26XX/27XX. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Fix beacon blink for ISP27XX. (Nigel Kirkland) [Orabug: 21241070] \r\n- qla2xxx: Increase the wait time for firmware to be ready for P3P. (Chad Dupuis) [Orabug: 21241070] \r\n- qla2xxx: Fix printks in ql_log message (Yannick Guerrini) [Orabug: 21241070] \r\n- qla2xxx: Fix printk in qla25xx_setup_mode (Yannick Guerrini) [Orabug: 21241070] \r\n- bnx2i: update to 2.11.2.0 (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2fc: update to 2.9.3 (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2x: update to 1.712.33 (Vaughan Cao) [Orabug: 21241055] \r\n- cnic: update to 2.5.20h (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2: update to 2.2.5o (Vaughan Cao) [Orabug: 21241055] \r\n- md: use SRCU to improve performance (Mikulas Patocka) [Orabug: 18231164] \r\n- kvm: raise KVM_SOFT_MAX_VCPUS to support more vcpus (Dan Duval) [Orabug: 21144488] \r\n- vsock: Make transport the proto owner (Andy King) [Orabug: 21266075] \r\n- VSOCK: Move af_vsock.h and vsock_addr.h to include/net (Asias He) [Orabug: 21266075]\r\n \n[3.8.13-89]\r\n- drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (Bob Liu) \r\n- xen/block: add multi-page ring support (Bob Liu) \r\n- driver: xen-blkfront: move talk_to_blkback to a more suitable place (Bob Liu) \r\n- drivers: xen-blkback: delay pending_req allocation to connect_ring (Bob Liu) \r\n- xen/grant: introduce func gnttab_unmap_refs_sync() (Bob Liu) \r\n- xen/blkback: safely unmap purge persistent grants (Bob Liu) \r\n- xenbus_client: Extend interface to support multi-page ring (Wei Liu) \r\n- be2net: update the driver version to 10.6.0.2 (Sathya Perla) [Orabug: 21275400] \r\n- be2net: update copyright year to 2015 (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: use be_virtfn() instead of !be_physfn() (Kalesh AP) [Orabug: 21275400] \r\n- be2net: simplify UFI compatibility checking 
(Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: post full RXQ on interface enable (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: check for INSUFFICIENT_VLANS error (Kalesh AP) [Orabug: 21275400] \r\n- be2net: receive pkts with L3, L4 errors on VFs (Somnath Kotur) [Orabug: 21275400] \r\n- be2net: log link status (Ivan Vecera) [Orabug: 21275400] \r\n- be2net: Fix a bug in Rx buffer posting (Ajit Khaparde) [Orabug: 21275400] \r\n- be2net: bump up the driver version to 10.6.0.1 (Sathya Perla) [Orabug: 21275400] \r\n- be2net: use PCI MMIO read instead of config read for errors (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: restrict MODIFY_EQ_DELAY cmd to a max of 8 EQs (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: Prevent VFs from enabling VLAN promiscuous mode (Vasundhara Volam) [Orabug: 21275400] \r\n- ethernet: codespell comment spelling fixes (Joe Perches) [Orabug: 21275400] \r\n- be2net: avoid creating the non-RSS default RXQ if FW allows to (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: use a wrapper to schedule and cancel error detection task (Sathya Perla) [Orabug: 21275400] \r\n- be2net: shorten AMAP_GET/SET_BITS() macro calls (Sathya Perla) [Orabug: 21275400] \r\n- be2net: MODULE_DEVICE_TABLE: fix some callsites (Andrew Morton) [Orabug: 21275400] \r\n- be2net: avoid unncessary swapping of fields in eth_tx_wrb (Sathya Perla) [Orabug: 21275400] \r\n- be2net: process port misconfig async event (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: refactor be_set_rx_mode() and be_vid_config() for readability (Sathya Perla) [Orabug: 21275400] \r\n- be2net: remove duplicate code in be_cmd_rx_filter() (Sathya Perla) [Orabug: 21275400] \r\n- be2net: use offset based FW flashing for Skyhawk chip (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: refactor code that checks flash file compatibility (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: replace (1 << 
x) with BIT(x) (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: move un-exported routines from be.h to respective src files (Sathya Perla) [Orabug: 21275400] \r\n- bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink (Roopa Prabhu) [Orabug: 21275400] \r\n- be2net: move definitions related to FW cmdsfrom be_hw.h to be_cmds.h (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: issue function reset cmd in resume path (Kalesh AP) [Orabug: 21275400] \r\n- be2net: add a log message for POST timeout in Lancer (Kalesh AP) [Orabug: 21275400] \r\n- be2net: fix failure case in setting flow control (Kalesh AP) [Orabug: 21275400] \r\n- be2net: move interface create code to a separate routine (Kalesh AP) [Orabug: 21275400] \r\n- VMCI: Guard against overflow in queue pair allocation (Jorgen Hansen) [Orabug: 21266077] \r\n- VMCI: Check userland-provided datagram size (Andy King) [Orabug: 21266077] \r\n- VMCI: Fix two UVA mapping bugs (Jorgen Hansen) [Orabug: 21266077] \r\n- VMCI: integer overflow in vmci_datagram_dispatch() (Dan Carpenter) [Orabug: 21266077] \r\n- VMCI: fix error handling path when registering guest driver (Dmitry Torokhov) [Orabug: 21266077] \r\n- VMCI: Add support for virtual IOMMU (Andy King) [Orabug: 21266077] \r\n- VMCI: Remove non-blocking/pinned queuepair support (Andy King) [Orabug: 21266077]\r\n \n[3.8.13-88]\r\n- Oracle Linux Kernel Module Signing Key (Alexey Petrenko) [Orabug: 21249387] \r\n- extrakeys.pub is not needed for the build (Alexey Petrenko) [Orabug: 21249387] \r\n- Fix kabi break due to find_special_page was introduced (Bob Liu) [Orabug: 21250018] \r\n- xen/gntdev: provide find_special_page VMA operation (David Vrabel) [Orabug: 21250018] \r\n- xen/gntdev: mark userspace PTEs as special on x86 PV guests (David Vrabel) [Orabug: 21250018] \r\n- xen-blkback: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] \r\n- xen/gntdev: safely unmap grants in case they are still in use (Jennifer 
Herbert) [Orabug: 21250018] \r\n- xen/gntdev: convert priv->lock to a mutex (David Vrabel) [Orabug: 21250018] \r\n- xen/grant-table: add a mechanism to safely unmap pages that are in use (Jennifer Herbert) [Orabug: 21250018] \r\n- xen-netback: use foreign page information from the pages themselves (Jennifer Herbert) [Orabug: 21250018] \r\n- xen: mark grant mapped pages as foreign (Jennifer Herbert) [Orabug: 21250018] \r\n- xen/grant-table: add helpers for allocating pages (David Vrabel) [Orabug: 21250018] \r\n- x86/xen: require ballooned pages for grant maps (Jennifer Herbert) [Orabug: 21250018] \r\n- xen: remove scratch frames for ballooned pages and m2p override (David Vrabel) [Orabug: 21250018] \r\n- xen/grant-table: pre-populate kernel unmap ops for xen_gnttab_unmap_refs() (David Vrabel) [Orabug: 21250018] \r\n- mm: add 'foreign' alias for the 'pinned' page flag (Jennifer Herbert) [Orabug: 21250018] \r\n- mm: provide a find_special_page vma operation (David Vrabel) [Orabug: 21250018] \r\n- NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419] \r\n- swiotlb: don't assume PA 0 is invalid (Jan Beulich) [Orabug: 21249144]\r\n \n[3.8.13-87]\r\n- qla4xxx: Update driver version to v5.04.00.07.06.02-uek3 (Nilesh Javali) [Orabug: 21241091] \r\n- qla4xxx: check the return value of dma_alloc_coherent() (Maurizio Lombardi) [Orabug: 21241091] \r\n- scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] \r\n- scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] \r\n- qla4xxx: fix get_host_stats error propagation (Mike Christie) [Orabug: 21241091] \r\n- scsi_ibft: Fix finding Broadcom specific ibft sign (Vikas Chaudhary) [Orabug: 21241091] \r\n- dtrace: convert from sdt_instr_t to asm_instr_t (Kris Van Hees) [Orabug: 21267945] \r\n- dtrace: percpu: move from __get_cpu_var() to 
this_cpu_ptr() (Kris Van Hees) [Orabug: 21265599] \r\n- dtrace: do not vmalloc/vfree from probe context (Kris Van Hees) [Orabug: 21267934] \r\n- dtrace: restructuring for multi-arch support (Kris Van Hees) [Orabug: 21267922] \r\n- kallsyms: fix /proc/kallmodsyms to not be misled by const variables (Nick Alcock) [Orabug: 21257170] \r\n- storvsc: force discovery of LUNs that may have been removed. (K. Y. Srinivasan) [Orabug: 20768211] \r\n- storvsc: in responce to a scan event, scan the host (K. Y. Srinivasan) [Orabug: 20768211] \r\n- builds: configs: Enable mgs driver for OL7 (Santosh Shilimkar) [Orabug: 20505584] \r\n- aacraid: driver version change (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: AIF raw device remove support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: performance improvement changes (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOCTL fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOP RESET command handling changes (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: 240 simple volume support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: vpd page code 0x83 support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: MSI-x support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: 4KB sector support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOCTL pass-through command fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: AIF support for SES device add/remove (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- scsi: use 64-bit LUNs (Hannes Reinecke) [Orabug: 21208741] \r\n- remove deprecated IRQF_DISABLED from SCSI (Michael Opdenacker) [Orabug: 21208741] \r\n- aacraid: kdump fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- drivers: avoid parsing names as kthread_run() format strings (Kees Cook) [Orabug: 21208741] \r\n- aacraid: Fix for arrays are going offline in the system. 
System hangs (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: Dual firmware image support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: suppress two GCC warnings (Paul Bolle) [Orabug: 21208741] \r\n- aacraid: 1024 max outstanding command support for Series 7 and above (Mahesh Rajashekhara) [Orabug: 21208741]\r\n \n[3.8.13-86]\r\n- kallsyms: fix /proc/kallmodsyms to not be misled by external symbols (Nick Alcock) [Orabug: 21245508] \r\n- wait: change waitfd() to use wait4(), not waitid(); reduce invasiveness (Nick Alcock) [Orabug: 21245391] \r\n- ixgbevf: upgrade to version 2.16.1 (Brian Maly) [Orabug: 21104474] \r\n- ipv6: don't call addrconf_dst_alloc again when enable lo (Gao feng) [Orabug: 21088702] \r\n- efi/xen: Pass missing argument to EFI runtime Xen hypercall (Daniel Kiper) [Orabug: 21247143]\r\n \n[3.8.13-85]\r\n- fanotify: fix notification of groups with inode & mount marks (Jan Kara) [Orabug: 21168905] \r\n- NVMe: Fix VPD B0 max sectors translation (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Add translation for block limits (Keith Busch) [Orabug: 21117187] \r\n- nvme: Fix PRP list calculation for non-4k system page size (Murali Iyer) [Orabug: 21117187] \r\n- NVMe: Fix potential corruption on sync commands (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Fix potential corruption during shutdown (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Initialize device list head before starting (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Asynchronous controller probe (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Register management handle under nvme class (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Update SCSI Inquiry VPD 83h translation (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Update data structures for NVMe 1.2 (Matthew Wilcox) [Orabug: 21117187] \r\n- NVMe: Update namespace and controller identify structures to the 1.1a spec (Dimitri John Ledkov) [Orabug: 21117187] \r\n- NVMe: Update module version (Keith Busch) [Orabug: 21117187] \r\n- fnic: 
Override the limitation on number of scsi timeouts (Narsimhulu Musini) [Orabug: 21084835] \r\n- fnic: IOMMU Fault occurs when IO and abort IO is out of order (Anil Chintalapati (achintal)) [Orabug: 21084835] \r\n- Fnic: Fnic Driver crashed with NULL pointer reference (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: For Standalone C series, 'sending VLAN request' message seen even if the link is down (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Improper resue of exchange Ids (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Memcopy only mimumum of data or trace buffer (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Not probing all the vNICS via fnic_probe on boot (Hiral Shah) [Orabug: 21084835] \r\n- fnic: assign FIP_ALL_FCF_MACS to fcoe_all_fcfs (Hiral Shah) [Orabug: 21084835] \r\n- uek-rpm: ol6: update build environment to 6.6 (Guangyu Sun)\r\n \n[3.8.13-84]\r\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226722] {CVE-2014-9585}\r\n \n[3.8.13-83]\r\n- snic: fix format string overflow (Brian Maly) [Orabug: 21091759] \r\n- scsi: add snic driver to makefile (Brian Maly) [Orabug: 21091759] \r\n- snic: enable snic in kernel configs (Brian Maly) [Orabug: 21091759] \r\n- snic: minor checkpatch fixes (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add Makefile, patch Kconfig, MAINTAINERS (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add event tracing to capture IO events. (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add sysfs entries to list stats and trace data (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add low level queuing interfaces (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: add SCSI handling, AEN, and fwreset handling (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add snic target discovery (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add meta request, handling of meta requests. 
(Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add interrupt, resource firmware interfaces (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: snic module infrastructure (Narsimhulu Musini) [Orabug: 21091759] \r\n- xen/mmu: Move the setting of pvops.write_cr3 to later phase in bootup. (Konrad Rzeszutek Wilk) [Orabug: 21197204] \r\n- x86-64, xen, mmu: Provide an early version of write_cr3. (Konrad Rzeszutek Wilk) [Orabug: 21197204] \r\n- uek-rpm: build: Use SHA512 instead of SHA256 for module signing (Natalya Naumova) [Orabug: 20687425] \r\n- config: ol6: make CONFIG_SERIAL_8250_NR_UARTS 64 (Guangyu Sun) [Orabug: 21141039] \r\n- config: enable CONFIG_INTEL_TXT (Guangyu Sun) [Orabug: 21176777] \r\n- export host-only net/core and net/ipv4 parameters to a container as read-only (Thomas Tanaka) [Orabug: 21151210] \r\n- Revert 'i40e: Add FW check to disable DCB and wrap autoneg workaround with FW check' (Brian Maly) [Orabug: 21103806] \r\n- xen-netfront: print correct number of queues (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: release per-queue Tx and Rx resource when disconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: fix locking in connect error path (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: call netif_carrier_off() only once when disconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: don't nest queue locks in xennet_connect() (David Vrabel) [Orabug: 21150627] \r\n- xen-net{back, front}: Document multi-queue feature in netif.h (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netfront: recreate queues correctly when reconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: fix oops when disconnected from backend (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: initialise queue name in xennet_init_queue (Wei Liu) [Orabug: 21150627] \r\n- xen-netfront: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netfront: Factor queue-specific data into queue struct. (Andrew J. 
Bennieston) [Orabug: 21150627] \r\n- xen-netback: bookkeep number of active queues in our own module (Wei Liu) [Orabug: 21150627] \r\n- net: xen-netback: include linux/vmalloc.h again (Arnd Bergmann) [Orabug: 21150627] \r\n- xen-netback: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netback: Factor queue-specific data into queue struct (Wei Liu) [Orabug: 21150627] \r\n- xen-netback: Move grant_copy_op array back into struct xenvif. (Andrew J. Bennieston) [Orabug: 21150627] \r\n- ixgbe: Look up MAC address in Open Firmware or IDPROM (Martin K Petersen) [Orabug: 20983421] \r\n- ixgbe: update to ver 4.0.3 (Ethan Zhao) [Orabug: 20983421]\r\n \n[3.8.13-82]\r\n- config: enable some secure boot features for ol7 (Guangyu Sun) [Orabug: 18961720] \r\n- efi: Disable secure boot if shim is in insecure mode (Josh Boyer) [Orabug: 18961720] \r\n- hibernate: Disable in a signed modules environment (Josh Boyer) [Orabug: 18961720] \r\n- efi: Add EFI_SECURE_BOOT bit (Josh Boyer) [Orabug: 18961720] \r\n- Add option to automatically set securelevel when in Secure Boot mode (Matthew Garrett) [Orabug: 18961720] \r\n- asus-wmi: Restrict debugfs interface when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- x86: Restrict MSR access when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- uswsusp: Disable when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- kexec: Disable at runtime if securelevel has been set. (Matthew Garrett) [Orabug: 18961720] \r\n- acpi: Ignore acpi_rsdp kernel parameter when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- acpi: Limit access to custom_method if securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- Restrict /dev/mem and /dev/kmem when securelevel is set. 
(Matthew Garrett) [Orabug: 18961720] \r\n- x86: Lock down IO port access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] \r\n- PCI: Lock down BAR access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] \r\n- Enforce module signatures when securelevel is greater than 0 (Matthew Garrett) [Orabug: 18961720] \r\n- Add BSD-style securelevel support (Matthew Garrett) [Orabug: 18961720] \r\n- MODSIGN: Support not importing certs from db (Josh Boyer) [Orabug: 18961720] \r\n- MODSIGN: Import certificates from UEFI Secure Boot (Josh Boyer) [Orabug: 18961720] \r\n- MODSIGN: Add module certificate blacklist keyring (Josh Boyer) [Orabug: 18961720] \r\n- Add an EFI signature blob parser and key loader. (Dave Howells) [Orabug: 18961720] \r\n- Add EFI signature data types (Dave Howells) [Orabug: 18961720] \r\n- efi: fix error handling in add_sysfs_runtime_map_entry() (Dan Carpenter) [Orabug: 18961720] \r\n- PEFILE: Relax the check on the length of the PKCS#7 cert (David Howells) [Orabug: 18961720] \r\n- kexec: purgatory: add clean-up for purgatory directory (Michael Welling) [Orabug: 18961720] \r\n- x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: remove CONFIG_KEXEC dependency on crypto (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: create a new config option CONFIG_KEXEC_FILE for new syscall (Vivek Goyal) [Orabug: 18961720] \r\n- resource: fix the case of null pointer access (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: verify the signature of signed PE bzImage (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: support kexec/kdump on EFI systems (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: support for kexec on panic using new system call (Vivek Goyal) [Orabug: 18961720] \r\n- kexec-bzImage64: support for loading bzImage using 64bit entry (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: load and relocate purgatory at kernel load time (Vivek Goyal) [Orabug: 18961720] \r\n- purgatory: 
core purgatory functionality (Vivek Goyal) [Orabug: 18961720] \r\n- purgatory/sha256: provide implementation of sha256 in purgaotory context (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: implementation of new syscall kexec_file_load (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: new syscall kexec_file_load() declaration (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: make kexec_segment user buffer pointer a union (Vivek Goyal) [Orabug: 18961720] \r\n- resource: provide new functions to walk through resources (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: move segment verification code in a separate function (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: rename unusebale_pages to unusable_pages (Vivek Goyal) [Orabug: 18961720] \r\n- kernel: build bin2c based on config option CONFIG_BUILD_BIN2C (Vivek Goyal) [Orabug: 18961720] \r\n- bin2c: move bin2c in scripts/basic (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: remove unnecessary return (Xishi Qiu) [Orabug: 18961720] \r\n- keys: remove duplicated loads of ksplice certificate (Guangyu Sun) [Orabug: 21034277] \r\n- X.509: Support parse long form of length octets in Authority Key Identifier (Chun-Yi Lee) [Orabug: 18961720] \r\n- KEYS: Pre-clear struct key on allocation (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix searching of nested keyrings (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix multiple key add into associative array (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix the keyring hash function (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Provide a single place to do signed info block freeing (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Add a missing static (David Howells) [Orabug: 18961720] \r\n- X.509: Need to export x509_request_asymmetric_key() (David Howells) [Orabug: 
18961720] \r\n- PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Use x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] \r\n- X.509: x509_request_asymmetric_keys() doesn't need string length arguments (David Howells) [Orabug: 18961720] \r\n- PKCS#7: fix sparse non static symbol warning (Wei Yongjun) [Orabug: 18961720] \r\n- PKCS#7: Missing inclusion of linux/err.h (David Howells) [Orabug: 18961720] \r\n- ima: define '.ima' as a builtin 'trusted' keyring (Mimi Zohar) [Orabug: 18961720] \r\n- KEYS: validate certificate trust only with builtin keys (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: validate certificate trust only with selected key (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: verify a certificate is signed by a 'trusted' key (Mimi Zohar) [Orabug: 18961720] \r\n- KEYS: make partial key id matching as a dedicated function (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: Reinstate EPERM for a key type name beginning with a '.' 
(David Howells) [Orabug: 18961720] \r\n- KEYS: special dot prefixed keyring name bug fix (Mimi Zohar) [Orabug: 18961720] \r\n- pefile: Validate PKCS#7 trust chain (David Howells) [Orabug: 18961720] \r\n- pefile: Digest the PE binary and compare to the PKCS#7 data (David Howells) [Orabug: 18961720] \r\n- pefile: Handle pesign using the wrong OID (Vivek Goyal) [Orabug: 18961720] \r\n- pefile: Parse the 'Microsoft individual code signing' data blob (David Howells) [Orabug: 18961720] \r\n- pefile: Parse the presumed PKCS#7 content of the certificate blob (David Howells) [Orabug: 18961720] \r\n- pefile: Strip the wrapper off of the cert data block (David Howells) [Orabug: 18961720] \r\n- pefile: Parse a PE binary to find a key and a signature contained therein (David Howells) [Orabug: 18961720] \r\n- Provide PE binary definitions (David Howells) [Orabug: 18961720] \r\n- KEYS: X.509: Fix a spelling mistake (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Provide a key type for testing PKCS#7 (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Find intersection between PKCS#7 message and known, trusted keys (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Verify internal certificate chain (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Find the right key in the PKCS#7 key list and verify the signature (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Digest the data in a signed-data message (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Implement a parser [RFC 2315] (David Howells) [Orabug: 18961720] \r\n- X.509: Export certificate parse and free functions (David Howells) [Orabug: 18961720] \r\n- X.509: Add bits needed for PKCS#7 (David Howells) [Orabug: 18961720] \r\n- x86/efi: Support initrd loaded above 4G (Yinghai Lu) [Orabug: 18961720] \r\n- x86, boot: Do not include boot.h in string.c (Vivek Goyal) [Orabug: 18961720] \r\n- x86, boot: Move memcmp() into string.h and string.c (Vivek Goyal) [Orabug: 18961720] \r\n- x86, boot: Create a separate string.h file to provide 
standard string functions (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: add sysctl to disable kexec_load (Kees Cook) [Orabug: 18961720] \r\n- x86: Add xloadflags bit for EFI runtime support on kexec (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Pass necessary EFI data for kexec via setup_data (Dave Young) [Orabug: 18961720] \r\n- efi: Export EFI runtime memory mapping to sysfs (Dave Young) [Orabug: 18961720] \r\n- efi: Export more EFI table variables to sysfs (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Cleanup efi_enter_virtual_mode() function (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Fix off-by-one bug in EFI Boot Services reservation (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Add a wrapper function efi_map_region_fixed() (Dave Young) [Orabug: 18961720] \r\n- keys: change asymmetric keys to use common hash definitions (Dmitry Kasatkin) [Orabug: 18961720] \r\n- crypto: provide single place for hash algo information (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: fix error return code in big_key_instantiate() (Wei Yongjun) [Orabug: 18961720] \r\n- KEYS: Fix keyring quota misaccounting on key replacement and unlink (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix a race between negating a key and reading the error set (David Howells) [Orabug: 18961720] \r\n- KEYS: Make BIG_KEYS boolean (Josh Boyer) [Orabug: 18961720] \r\n- X.509: remove possible code fragility: enumeration values not handled (Antonio Alecrim Jr) [Orabug: 18961720] \r\n- X.509: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] \r\n- MPILIB: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] \r", "edition": 72, "modified": "2015-07-30T00:00:00", "published": "2015-07-30T00:00:00", "id": "ELSA-2015-3064", "href": "http://linux.oracle.com/errata/ELSA-2015-3064.html", "title": "Unbreakable Enterprise kernel security , bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": 
"AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5364", "CVE-2015-5366", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2014-9585", "CVE-2015-4700"], "description": "[3.10.0-229.14.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.14.1]\n- [s390] zcrypt: Fixed reset and interrupt handling of AP queues (Hendrik Brueckner) [1248381 1238230]\n[3.10.0-229.13.1]\n- [dma] ioat: fix tasklet tear down (Herton R. Krzesinski) [1251523 1210093]\n- [drm] radeon: Fix VGA switcheroo problem related to hotplug (missing hunk) (Rob Clark) [1207879 1223472]\n- [security] keys: Ensure we free the assoc array edit if edit is valid (David Howells) [1246039 1244171] {CVE-2015-1333}\n- [net] tcp: properly handle stretch acks in slow start (Florian Westphal) [1243903 1151756]\n- [net] tcp: fix no cwnd growth after timeout (Florian Westphal) [1243903 1151756]\n- [net] tcp: increase throughput when reordering is high (Florian Westphal) [1243903 1151756]\n- [of] Fix sysfs_dirent cache integrity issue (Gustavo Duarte) [1249120 1225539]\n- [tty] vt: don't set font mappings on vc not supporting this (Jarod Wilson) [1248384 1213538]\n- [scsi] fix regression in scsi_send_eh_cmnd() (Ewan Milne) [1243412 1167454]\n- [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240760 1240761] {CVE-2015-5364 CVE-2015-5366}\n- [fs] Convert MessageID in smb2_hdr to LE (Sachin Prabhu) [1238693 1161441]\n- [x86] bpf_jit: fix compilation of large bpf programs (Denys Vlasenko) [1236938 1236939] {CVE-2015-4700}\n- [net] sctp: fix ASCONF list handling (Marcelo Leitner) [1227960 1206474] {CVE-2015-3212}\n- [fs] ext4: allocate entire range in zero range (Lukas Czerner) [1193909 1187071] {CVE-2015-0275}\n- [x86] ASLR bruteforce possible for vdso library (Jacob Tanenbaum) [1184898 1184899] {CVE-2014-9585}\n[3.10.0-229.12.1]\n- [ethernet] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1245597 
1205903]\n- [kernel] sched: Avoid throttle_cfs_rq() racing with period_timer stopping (Rik van Riel) [1241078 1236413]", "edition": 4, "modified": "2015-09-15T00:00:00", "published": "2015-09-15T00:00:00", "id": "ELSA-2015-1778", "href": "http://linux.oracle.com/errata/ELSA-2015-1778.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "Oracle Linux Local Security Checks ELSA-2015-3041", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123101", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3041", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3041.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123101\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:47:54 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3041\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3041 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3041\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3041.html\");\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = 
isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.3.2.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.3.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.3.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.3.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "Oracle Linux Local Security Checks ELSA-2015-3043", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123102", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3043", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3043.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123102\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:47:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3043\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3043 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3043\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3043.html\");\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = 
isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.5.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.5.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.5.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.5.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", 
rpm:\"kernel-uek-debug~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.5.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.5.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.5.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.5.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-9419", "CVE-2014-9585"], "description": "Oracle Linux Local Security Checks ELSA-2015-3042", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123103", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310123103", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3042.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123103\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:47:56 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3042\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3042 - Unbreakable Enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3042\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3042.html\");\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.5.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.5.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-06-10T00:00:00", "id": "OPENVAS:1361412562310871372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871372", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:1081-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:1081-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871372\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-10 06:34:27 +0200 (Wed, 10 Jun 2015)\");\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\",\n \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:1081-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n * A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode decryption\nfunctionality handled fragmented packets. A remote attacker could use this\nflaw to crash, or potentially escalate their privileges on, a system over a\nconnection with an active AES-GCM mode IPSec security association.\n(CVE-2015-3331, Important)\n\n * An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n * It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n * An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. 
The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. The system must be rebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1081-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00009.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", 
rpm:\"kernel-debuginfo-common-x86_64~2.6.32~504.23.4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2014-8559", "CVE-2014-3690", "CVE-2014-9585", "CVE-2014-3687"], "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850992", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2015:0178-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850992\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:17:11 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-3687\", \"CVE-2014-3690\", \"CVE-2014-8559\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2015:0178-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through 3.17.2 did not properly maintain the semantics of rename_lock,\n which allowed local users to cause a denial of service (deadlock and\n system hang) via a crafted application (bnc#903640).\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock Ridge\n continuation entries, which allowed local users to cause a denial of\n service (infinite loop, and system crash or hang) via a crafted iso9660\n image (bnc#906545 
911325).\n\n - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel before 3.17.2 on Intel processors did not ensure that the value\n in the CR4 control register remained the same after a VM entry, which\n allowed host OS users to kill arbitrary processes or cause a denial of\n service (system disruption) by leveraging /dev/kvm access, as\n demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU\n (bnc#902232).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that triggered an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations for\n the vDSO area, which made it easier for local users to bypass the ASLR\n protection mechanism by guessing a location at the end of a PMD\n (bnc#912705).\n\n The following non-security bugs were fixed:\n\n - ACPI idle: permit sparse C-state sub-state numbers (bnc#907969).\n\n - ALSA: hda - verify pin:converter connection on unsol event for HSW and\n VLV.\n\n - ALSA: hda - verify pin:cvt connection on preparing a stream for Intel\n HDMI codec.\n\n - ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec.\n\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH.\n\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP.\n\n - Btrfs: Disable\n patches.suse/Btrfs-fix-abnormal-long-waiting-in-fsync.patch (bnc#910697)\n because it needs to be revisited due partial msync behavior.\n\n - Btrfs: Fix misuse of chunk mutex (bnc#912514).\n\n - Btrfs: always clear a block group node when removing it from the tree\n (bnc#912514).\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n 
script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0178-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.36~38.1\", 
rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.36~38.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.36~38.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": 
"2015-06-11T00:00:00", "id": "OPENVAS:1361412562310882195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882195", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:1081 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:1081 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882195\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-11 06:29:55 +0200 (Thu, 11 Jun 2015)\");\n script_cve_id(\"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\", \"CVE-2015-1805\", \"CVE-2015-3331\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:1081 centos6\");\n script_tag(name:\"summary\", value:\"Check the 
version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n * A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode decryption\nfunctionality handled fragmented packets. A remote attacker could use this\nflaw to crash, or potentially escalate their privileges on, a system over a\nconnection with an active AES-GCM mode IPSec security association.\n(CVE-2015-3331, Important)\n\n * An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n * It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n * An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. 
(CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting\nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. The system must be rebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1081\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-June/021165.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~504.23.4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-8159", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "description": "Oracle Linux Local Security Checks ELSA-2015-1081", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123106", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1081.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero 
Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123106\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1081\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1081 - kernel security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1081\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1081.html\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-3331\", \"CVE-2015-1805\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != 
NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~504.23.4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5364", "CVE-2015-5366", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2014-9585", "CVE-2015-4700"], "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2015-09-16T00:00:00", "id": "OPENVAS:1361412562310871452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871452", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:1778-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:1778-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871452\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-16 07:42:01 +0200 (Wed, 16 Sep 2015)\");\n script_cve_id(\"CVE-2014-9585\", \"CVE-2015-0275\", \"CVE-2015-1333\", \"CVE-2015-3212\", \"CVE-2015-4700\", \"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:1778-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system by\ncreating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. 
This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700,\nImportant)\n\n * Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\n * A flaw was found in the way the Linux kernel's ext4 file system handled\nthe 'page size block size' condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n * It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n * A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. (CVE-2015-3212, Moderate)\n\n * An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,\nand Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275\nissue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue\nwas discovered by Ji Jianwen of Red Hat Engineering.\n\nThis update also fixes several bugs. 
Refer to the linked Knowledgebase\narticle for further information.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1778-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-September/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1614563\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", 
rpm:\"kernel-debug-debuginfo~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~229.14.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5364", "CVE-2015-5366", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2014-9585", "CVE-2015-4700"], "description": "Oracle Linux Local Security Checks ELSA-2015-1778", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123005", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1778", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1778.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123005\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1778\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1778 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1778\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1778.html\");\n script_cve_id(\"CVE-2014-9585\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-0275\", \"CVE-2015-1333\", \"CVE-2015-3212\", \"CVE-2015-4700\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = 
\"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.14.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.14.1.el7\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5364", "CVE-2015-5366", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2014-9585", "CVE-2015-4700"], "description": "Check the version of kernel", "modified": "2019-03-11T00:00:00", "published": "2015-09-17T00:00:00", "id": "OPENVAS:1361412562310882285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882285", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:1778 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:1778 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882285\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-17 06:18:00 +0200 (Thu, 17 Sep 2015)\");\n script_cve_id(\"CVE-2014-9585\", \"CVE-2015-0275\", \"CVE-2015-1333\", \"CVE-2015-3212\", \"CVE-2015-4700\", \"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:1778 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system by\ncreating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700,\nImportant)\n\n * Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. 
A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\n * A flaw was found in the way the Linux kernel's ext4 file system handled\nthe 'page size > block size' condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n * It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n * A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. (CVE-2015-3212, Moderate)\n\n * An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,\nand Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275\nissue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue\nwas discovered by Ji Jianwen of Red Hat Engineering.\n\nThis update also fixes several bugs. Refer to the linked Knowledgebase\narticle for further information.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1778\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021395.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1614563\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.14.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:21:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2014-8559", "CVE-2014-3690", "CVE-2014-9585", "CVE-2014-3687"], "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through 3.17.2 did not properly maintain the semantics of rename_lock,\n which allowed local users to cause a denial of service (deadlock and\n system hang) via a crafted application (bnc#903640).\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock Ridge\n continuation entries, which allowed local users to cause a denial of\n service (infinite 
loop, and system crash or hang) via a crafted iso9660\n image (bnc#906545 911325).\n - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel before 3.17.2 on Intel processors did not ensure that the value\n in the CR4 control register remained the same after a VM entry, which\n allowed host OS users to kill arbitrary processes or cause a denial of\n service (system disruption) by leveraging /dev/kvm access, as\n demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU\n (bnc#902232).\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that triggered an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations for\n the vDSO area, which made it easier for local users to bypass the ASLR\n protection mechanism by guessing a location at the end of a PMD\n (bnc#912705).\n\n The following non-security bugs were fixed:\n - ACPI idle: permit sparse C-state sub-state numbers (bnc#907969).\n - ALSA: hda - verify pin:converter connection on unsol event for HSW and\n VLV.\n - ALSA: hda - verify pin:cvt connection on preparing a stream for Intel\n HDMI codec.\n - ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec.\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH.\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP.\n - Btrfs: Disable\n patches.suse/Btrfs-fix-abnormal-long-waiting-in-fsync.patch (bnc#910697)\n because it needs to be revisited due partial msync behavior.\n - Btrfs: Fix misuse of chunk mutex (bnc#912514).\n - Btrfs: always clear a block group node when removing it from the tree\n (bnc#912514).\n - Btrfs: collect only the necessary ordered extents on 
ranged fsync\n (bnc#912946).\n - Btrfs: do not access non-existent key when csum tree is empty.\n - Btrfs: do not delay inode ref updates during log replay.\n - Btrfs: do not ignore log btree writeback errors (bnc#912946).\n - Btrfs: ensure btrfs_prev_leaf does not miss 1 item.\n - Btrfs: ensure deletion from pinned_chunks list is protected (bnc#908198).\n - Btrfs: ensure ordered extent errors are not missed on fsync (bnc#912946).\n - Btrfs: fix abnormal long waiting in fsync (VM/FS Micro-optimisations).\n - Btrfs: fix abnormal long waiting in fsync (bnc#912946).\n - Btrfs: fix crash caused by block group removal (bnc#912514).\n - Btrfs: fix freeing used extent after removing empty block group\n (bnc#912514).\n - Btrfs: fix freeing used extents after removing empty block group\n (bnc#912514).\n - Btrfs: fix fs corruption on transaction abort if device supports discard\n (bnc#908198).\n - Btrfs: fix fs mapping extent map leak (bnc#908198).\n - Btrfs: fix invalid block group rbtree access after bg is removed\n (bnc#912514).\n - Btrfs: fix memory leak after block remove + trimming (bnc#908198).\n - Btrfs: fix race between fs trimming and block group remove/allocation\n (bnc#908198).\n - Btrfs: fix race between writing free space cache and trimming\n (bnc#908198).\n - Btrfs: fix transaction leak during fsync call.\n - Btrfs: fix unprotected deletion from pending_chunks list (bnc#908198).\n - Btrfs: fix unprotected system chunk array insertion (bnc#912514).\n - Btrfs: free ulist in qgroup_shared_accounting() error path.\n - Btrfs: ioctl, do not re-lock extent range when not necessary.\n - Btrfs: make btrfs_abort_transaction consider existence of new block\n groups (bnc#908198).\n - Btrfs: make sure logged extents complete in the current transaction V3\n (bnc#912946).\n - Btrfs: make sure we wait on logged extents when fsycning two subvols\n (bnc#912946).\n - Btrfs: make xattr replace operations atomic (bnc#913466).\n - Btrfs: remove empty block groups automatically 
(bnc#912514).\n - Btrfs: remove unused wait queue in struct extent_buffer.\n - Btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.\n - Btrfs: use helpers for last_trans_log_full_commit instead of opencode\n (bnc#912946).\n - Drivers: hv: kvp,vss: Fast propagation of userspace communication\n failure.\n - Drivers: hv: util: Properly pack the data for file copy functionality.\n - Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host messages.\n - Drivers: hv: vmbus: Fix a race condition when unregistering a device.\n - Drivers: hv: vss: Introduce timeout for communication with userspace.\n - Fixed warning on DP unplugging driver in intel_dp.c (bnc#907536).\n - Fixed warning on suspend in intel_display.c (bnc#907593).\n - KEYS: Fix stale key registration at error path (bnc#908163).\n - PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range()\n (bug#912281).\n - PCI/MSI: Add pci_enable_msi_range() and pci_enable_msix_range()\n (bug#912281).\n - Refresh patches.xen/xen3-patch-3.9 (bsc#909829).\n - Remove filesize checks for sync I/O journal commit (bnc#800255).\n - SELinux: fix selinuxfs policy file on big endian systems (bsc#913233).\n - Tools: hv: vssdaemon: ignore the EBUSY on multiple freezing the same\n partition.\n - Tools: hv: vssdaemon: report freeze errors.\n - Tools: hv: vssdaemon: skip all filesystems mounted readonly.\n - Update Xen patches to 3.12.35.\n - Update s390x kabi files again (bnc#903279, LTC#118177)\n - benet: Use pci_enable_msix_range() instead of pci_enable_msix()\n (bug#912281).\n - bfa: check for terminated commands (bnc#906027).\n - cpuidle / menu: Return (-1) if there are no suitable states (cpuidle\n performance).\n - cpuidle / menu: move repeated correction factor check to init (cpuidle\n performance).\n - cpuidle: Do not substract exit latency from assumed sleep length\n (cpuidle performance).\n - cpuidle: Ensure menu coefficients stay within domain (cpuidle\n performance).\n - cpuidle: Move perf multiplier 
calculation out of the selection loop\n (cpuidle performance).\n - cpuidle: Use actual state latency in menu governor (cpuidle performance).\n - cpuidle: menu governor - remove unused macro STDDEV_THRESH (cpuidle\n performance).\n - cpuidle: menu: Call nr_iowait_cpu less times (cpuidle performance).\n - cpuidle: menu: Lookup CPU runqueues less (cpuidle performance).\n - cpuidle: menu: Use ktime_to_us instead of reinventing the wheel (cpuidle\n performance).\n - cpuidle: menu: Use shifts when calculating averages where possible\n (cpuidle performance).\n - cpuidle: rename expected_us to next_timer_us in menu governor (cpuidle\n performance).\n - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106\n (bsc#913387).\n - crypto: kernel oops at insmod of the z90crypt device driver (bnc#908057,\n LTC#119591).\n - cxgb4: Add the MC1 registers to read in the interrupt handler\n (bsc#912290).\n - cxgb4: Allow T4/T5 firmware sizes up to 1MB (bsc#912290).\n - cxgb4: Fix FW flash logic using ethtool (bsc#912290).\n - cxgb4: Fix T5 adapter accessing T4 adapter registers (bsc#912290).\n - cxgb4: Fix for handling 1Gb/s SFP+ Transceiver Modules (bsc#912290).\n - cxgb4: Fix race condition in cleanup (bsc#912290).\n - cxgb4: Free completed tx skbs promptly (bsc#912290).\n - cxgb4: Not need to hold the adap_rcu_lock lock when read adap_rcu_list\n (bsc#912290).\n - cxgb4: Use FW interface to get BAR0 value (bsc#912290).\n - drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).\n - drm: add MIPI DSI encoder and connector types (bnc#907971).\n - ext4: cache extent hole in extent status tree for ext4_da_map_blocks()\n (bnc#893428).\n - ext4: change LRU to round-robin in extent status tree shrinker\n (bnc#893428).\n - ext4: cleanup flag definitions for extent status tree (bnc#893428).\n - ext4: fix block reservation for bigalloc filesystems (bnc#893428).\n - ext4: improve extents status tree trace point (bnc#893428).\n - ext4: introduce aging to extent status 
tree (bnc#893428).\n - ext4: limit number of scanned extents in status tree shrinker\n (bnc#893428).\n - ext4: move handling of list of shrinkable inodes into extent status code\n (bnc#893428).\n - ext4: track extent status tree shrinker delay statictics (bnc#893428).\n - fix kABI after "x86: use custom dma_get_required_mask()".\n - fsnotify: next_i is freed during fsnotify_unmount_inodes (bnc#908904).\n - hv: hv_balloon: avoid memory leak on alloc_error of 2MB memory block.\n - hyperv: Add processing of MTU reduced by the host.\n - hyperv: Fix some variable name typos in send-buffer init/revoke.\n - hyperv: Fix the total_data_buflen in send path.\n - intel_idle: Add CPU model 54 (Atom N2000 series) (bnc#907969).\n - intel_idle: allow sparse sub-state numbering, for Bay Trail (bnc#907969).\n - intel_idle: support Bay Trail (bnc#907969).\n - intel_pstate: Add setting voltage value for baytrail P states\n (bnc#907973).\n - intel_pstate: Add support for Baytrail turbo P states (bnc#907973).\n - intel_pstate: Fix BYT frequency reporting (bnc#907973).\n - intel_pstate: Fix setting VID (bnc#907973).\n - intel_pstate: Set turbo VID for BayTrail (bnc#907973).\n - intel_pstate: Use LFM bus ratio as min ratio/P state (bnc#907973).\n - iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825).\n - ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() (IPC\n scalability).\n - isofs: Fix unchecked printing of ER records.\n - kABI: fix for move of d_rcu (bnc#903640 CVE-2014-8559).\n - kABI: protect ipv6.h include in drivers/net.\n - kABI: protect rmap include in mm/truncate.c.\n - kABI: protect struct iwl_trans.\n - kABI: protect struct pci_dev.\n - kABI: protect struct user_namespace.\n - kABI: protect user_namespace.h include in kernel/groups.c.\n - kABI: reintroduce generic_write_sync.\n - kABI: uninline of_property_count_string* functions. 
Omitted ppc64le kabi\n fix for 3.12.33.\n - kernel: kprobes instruction corruption (bnc#908057, LTC#119330).\n - kernel: reduce function tracer overhead (bnc#903279, LTC#118177).\n - kgr: allow to search various types of struct kgr_patch_fun.\n - kgr: be consistent when applying patches on loaded modules.\n - kgr: fix replace_all.\n - kgr: fix typo in error message.\n - kgr: fix unwinder and user addresses (bnc#908803).\n - kgr: handle IRQ context using global variable.\n - kgr: mark even more kthreads (bnc#905087 bnc#906140).\n - kgr: prevent recursive loops of stubs in ftrace.\n - kgr: set revert slow state for all reverted symbols when loading patched\n module.\n - kgr: unregister only the used ftrace ops when removing a patched module.\n - kprobes: introduce weak arch_check_ftrace_location() helper function\n (bnc#903279, LTC#118177).\n - kvm: Do not expose MONITOR cpuid as available (bnc#887597)\n - lpfc: Fix race on command completion (bnc#906027).\n - macvlan: allow setting LRO independently of lower device (bnc#829110\n bnc#891277 bnc#904053).\n - mm, cma: drain single zone pcplists (VM Performance, bnc#904177).\n - mm, compaction: always update cached scanner positions (VM Performance,\n bnc#904177).\n - mm, compaction: defer each zone individually instead of preferred zone\n (VM Performance, bnc#904177).\n - mm, compaction: defer only on COMPACT_COMPLETE (VM Performance,\n bnc#904177).\n - mm, compaction: do not count compact_stall if all zones skipped\n compaction (VM Performance, bnc#904177).\n - mm, compaction: do not recheck suitable_migration_target under lock (VM\n Performance, bnc#904177).\n - mm, compaction: khugepaged should not give up due to need_resched() (VM\n Performance, bnc#904177).\n - mm, compaction: more focused lru and pcplists draining (VM Performance,\n bnc#904177).\n - mm, compaction: move pageblock checks up from\n isolate_migratepages_range() (VM Performance, bnc#904177).\n - mm, compaction: pass classzone_idx and alloc_flags to 
watermark checking\n (VM Performance, bnc#904177).\n - mm, compaction: pass gfp mask to compact_control (VM Cleanup,\n bnc#904177).\n - mm, compaction: periodically drop lock and restore IRQs in scanners (VM\n Performance, bnc#904177).\n - mm, compaction: prevent infinite loop in compact_zone (VM Functionality,\n bnc#904177).\n - mm, compaction: reduce zone checking frequency in the migration scanner\n (VM Performance, bnc#904177).\n - mm, compaction: remember position within pageblock in free pages scanner\n (VM Performance, bnc#904177).\n - mm, compaction: simplify deferred compaction (VM Performance,\n bnc#904177).\n - mm, compaction: skip buddy pages by their order in the migrate scanner\n (VM Performance, bnc#904177).\n - mm, compaction: skip rechecks when lock was already held (VM\n Performance, bnc#904177).\n - mm, memory_hotplug/failure: drain single zone pcplists (VM Performance,\n bnc#904177).\n - mm, page_isolation: drain single zone pcplists (VM Performance,\n bnc#904177).\n - mm, thp: avoid excessive compaction latency during fault (VM\n Performance, bnc#904177).\n - mm, thp: restructure thp avoidance of light synchronous migration (VM\n Performance, bnc#904177).\n - mm/compaction.c: avoid premature range skip in\n isolate_migratepages_range (VM Functionality, bnc#904177).\n - mm/compaction: skip the range until proper target pageblock is met (VM\n Performance, bnc#904177).\n - mm/vmscan.c: use DIV_ROUND_UP for calculation of zones balance_gap and\n correct comments (VM Cleanup, bnc#904177).\n - mm/vmscan: do not check compaction_ready on promoted zones (VM Cleanup,\n bnc#904177).\n - mm/vmscan: restore sc->gfp_mask after promoting it to __GFP_HIGHMEM (VM\n Cleanup, bnc#904177).\n - mm: Disable patches.suse/msync-fix-incorrect-fstart-calculation.patch\n (bnc#910697) because it needs to be revisited due partial msync behavior.\n - mm: Disabled\n patches.suse/mm-msync.c-sync-only-the-requested-range-in-msync.patch\n (bnc#910697) because it needs to be 
revisited due partial msync behavior.\n - mm: improve documentation of page_order (VM Cleanup, bnc#904177).\n - mm: introduce single zone pcplists drain (VM Performance, bnc#904177).\n - mm: memcontrol: remove hierarchy restrictions for swappiness and\n oom_control (VM Cleanup, bnc#904177).\n - mm: page_alloc: determine migratetype only once (VM Performance,\n bnc#904177).\n - mm: rename allocflags_to_migratetype for clarity (VM Cleanup,\n bnc#904177).\n - mm: unmapped page migration avoid unmap+remap overhead (MM performance).\n - mm: vmscan: clean up struct scan_control (VM Cleanup, bnc#904177).\n - mm: vmscan: move call to shrink_slab() to shrink_zones() (VM Cleanup,\n bnc#904177).\n - mm: vmscan: move swappiness out of scan_control (VM Cleanup, bnc#904177).\n - mm: vmscan: remove all_unreclaimable() (VM Cleanup, bnc#904177).\n - mm: vmscan: remove remains of kswapd-managed zone->all_unreclaimable (VM\n Cleanup, bnc#904177).\n - mm: vmscan: remove shrink_control arg from do_try_to_free_pages() (VM\n Cleanup, bnc#904177).\n - mm: vmscan: rework compaction-ready signaling in direct reclaim (VM\n Cleanup, bnc#904177).\n - msync: fix incorrect fstart calculation (VM/FS Micro-optimisations).\n - net, sunrpc: suppress allocation warning in rpc_malloc() (bnc#904659).\n - net: Find the nesting level of a given device by type (bnc#829110\n bnc#891277 bnc#904053).\n - net: Hyper-V: Deletion of an unnecessary check before the function call\n "vfree".\n - net: generic dev_disable_lro() stacked device handling (bnc#829110\n bnc#891277 bnc#904053).\n - nvme: Add missing hunk from backport (bnc#873252).\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n - patches.suse/supported-flag: fix mis-reported supported status\n (bnc#809493).\n - patches.xen/xen-privcmd-hcall-preemption: Fix EFLAGS.IF check.\n - powerpc/fadump: Fix endianess issues in firmware assisted dump handling\n (bsc#889192).\n - powerpc/pseries/hvcserver: Fix endian issue in 
hvcs_get_partner_info\n (bsc#912129).\n - powerpc/pseries: Make CPU hotplug path endian safe (bsc#907069).\n - powerpc: fix dlpar memory\n - pseries: Fix endian issues in cpu hot-removal (bsc#907069).\n - pseries: Fix endian issues in onlining cpu threads (bsc#907069).\n - rpm/constraints.in: Require 10GB disk space on POWER A debuginfo build\n currently requires about 8.5 GB on POWER. Also, require at least 8 CPUs,\n so that builds do not get accidentally scheduled on slow machines.\n - rpm/gitlog-fixups: Fix invalid address in two commits\n - s390/ftrace,kprobes: allow to patch first instruction (bnc#903279,\n LTC#118177).\n - s390/ftrace: add HAVE_DYNAMIC_FTRACE_WITH_REGS support (bnc#903279,\n LTC#118177).\n - s390/ftrace: add code replacement sanity checks (bnc#903279, LTC#118177).\n - s390/ftrace: enforce DYNAMIC_FTRACE if FUNCTION_TRACER is selected\n (bnc#903279, LTC#118177).\n - s390/ftrace: optimize function graph caller code (bnc#903279,\n LTC#118177).\n - s390/ftrace: optimize mcount code (bnc#903279, LTC#118177).\n - s390/ftrace: remove 31 bit ftrace support (bnc#903279, LTC#118177).\n - s390/ftrace: remove check of obsolete variable function_trace_stop\n (bnc#903279, LTC#118177).\n - s390/ftrace: revert mcount_adjust change (bnc#903279, LTC#118177).\n - s390/ftrace: simplify enabling/disabling of ftrace_graph_caller\n (bnc#903279, LTC#118177).\n - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177).\n - sched/fair: cleanup: Remove useless assignment in select_task_rq_fair()\n (cpuidle performance).\n - scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.\n - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.\n - scripts/tags.sh: include compat_sys_* symbols in the generated tags.\n - scsi: call device handler for failed TUR command (bnc#895814).\n - series.conf: remove orphan bnc comments\n - storvsc: ring buffer failures may result in I/O freeze.\n - supported.conf: mark tcm_qla2xxx as supported Has not been ported 
from\n SLES11 SP3 automatically.\n - tags.sh: Fixup regex definition for etags.\n - tcm_loop: Wrong I_T nexus association (bnc#907325).\n - tools: hv: ignore ENOBUFS and ENOMEM in the KVP daemon.\n - tools: hv: introduce -n/--no-daemon option.\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify i_size when loading inode.\n - udf: Verify symlink size before loading it.\n - vmscan: memcg: always use swappiness of the reclaimed memcg (VM Cleanup,\n bnc#904177).\n - x86, cpu: Detect more TLB configuration (TLB Performance).\n - x86-64/MCE: flip CPU and bank numbers in log message.\n - x86/UV: Fix conditional in gru_exit() (bsc#909095).\n - x86/early quirk: use gen6 stolen detection for VLV (bnc#907970).\n - x86/efi: Do not export efi runtime map in case old map (bsc#904969).\n - x86/mm: Add tracepoints for TLB flushes (TLB Performance).\n - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB\n Performance).\n - x86/uv: Update the UV3 TLB shootdown logic (bsc#909092).\n - x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show (bsc#911181).\n - x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181).\n - x86: fix step size adjustment during initial memory mapping (bsc#910249).\n - x86: use custom dma_get_required_mask().\n - x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n\n", "edition": 1, "modified": "2015-01-30T11:04:56", "published": "2015-01-30T11:04:56", "id": "SUSE-SU-2015:0178-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-7822", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2014-8173", 
"CVE-2014-8559", "CVE-2014-9584", "CVE-2014-9419", "CVE-2014-9585"], "description": "The Linux kernel was updated to fix various bugs and security issues.\n\n Following security issues were fixed:\n - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the\n Linux kernels madvise MADV_WILLNEED functionality handled page table\n locking. A local, unprivileged user could have used this flaw to crash\n the system.\n\n - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack\n randomization on 64-bit systems.\n\n - CVE-2014-7822: A flaw was found in the way the Linux kernels splice()\n system call validated its parameters. On certain file systems, a local,\n unprivileged user could have used this flaw to write past the maximum\n file size, and thus crash the system.\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel did not ensure that Thread Local Storage (TLS)\n descriptors are loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection mechanism via a\n crafted application that reads a TLS base address.\n\n - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c\n in the Linux kernel used an improper paravirt_enabled setting for KVM\n guest kernels, which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that reads a 16-bit\n value.\n\n - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during handling of certain\n iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,\n which allowed remote attackers to bypass intended access restrictions\n via packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or 
possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application.\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in\n the Extensions Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n Following bugs were fixed:\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103\n (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f\n (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b\n (bnc#920901).\n - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901).\n - HID: usbhid: fix PIXART optical mouse (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901).\n - HID: usbhid: add always-poll quirk (bnc#920901).\n\n - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).\n\n - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process\n being killed (VM Functionality 
bnc#910150).\n\n - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by\n mount (bsc#907988).\n\n - DocBook: Do not exceed argument list limit.\n - DocBook: Make mandocs parallel-safe.\n\n - mm: free compound page with correct order (bnc#913695).\n\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify symlink size before loading it.\n - udf: Verify i_size when loading inode.\n\n - xfs: remote attribute overwrite causes transaction overrun.\n\n", "edition": 1, "modified": "2015-04-13T14:17:21", "published": "2015-04-13T14:17:21", "id": "OPENSUSE-SU-2015:0714-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0777", "CVE-2014-9584", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-9419", "CVE-2014-9585"], "description": "The Linux kernel was updated to fix bugs and security issues:\n\n Following security issues were fixed:\n - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel allowed remote\n attackers to cause a denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data.\n\n - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the\n PCI command register of passed through cards, which could lead to Host\n system crashes.\n\n - CVE-2015-0777: The XEN usb backend could leak information to the guest\n system due to copying 
uninitialized memory.\n\n - CVE-2015-1593: An integer overflow reduced the effectiveness of the stack\n randomization on 64-bit systems.\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel did not ensure that Thread Local Storage (TLS)\n descriptors are loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection mechanism via a\n crafted application that reads a TLS base address.\n\n - CVE-2014-9428: The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the\n Linux kernel used an incorrect length field during a calculation of an\n amount of memory, which allowed remote attackers to cause a denial of\n service (mesh-node system crash) via fragmented packets.\n\n - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during handling of certain\n iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,\n which allowed remote attackers to bypass intended access restrictions\n via packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key.\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in\n the Extensions Reference (ER) System Use Field, which allowed 
local\n users to obtain sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application.\n\n - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c\n in the Linux kernel used an improper paravirt_enabled setting for KVM\n guest kernels, which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that reads a 16-bit\n value.\n\n Following bugs were fixed:\n - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource()\n change (bnc#922542).\n\n - cifs: fix use-after-free bug in find_writable_file (bnc#909477).\n\n - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581).\n\n - fuse: honour max_read and max_write in direct_io mode (bnc#918954).\n\n - switch iov_iter_get_pages() to passing maximal number of pages\n (bnc#918954).\n\n - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440).\n Updated because another version went upstream\n\n - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970).\n\n - NFS: Don't try to reclaim delegation open state if recovery failed\n (boo#909634).\n - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are\n revoked (boo#909634).\n - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation\n return (boo#909634).\n - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired\n (boo#909634).\n - Fixing lease renewal (boo#909634).\n\n - bcache: Fix a bug when 
detaching (bsc#908582).\n\n - fix a leak in bch_cached_dev_run() (bnc#910440).\n - bcache: unregister reboot notifier when bcache fails to register a block\n device (bnc#910440).\n - bcache: fix a livelock in btree lock (bnc#910440).\n - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bnc#910440).\n - bcache: Add a cond_resched() call to gc (bnc#910440).\n\n - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).\n\n - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608).\n - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode\n (boo#916608).\n - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get\n (boo#916608).\n - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604).\n - ALSA: hda - Fix regression of HD-audio controller fallback modes\n (bsc#921313).\n\n - [media] sound: Update au0828 quirks table (boo#916608).\n - [media] sound: simplify au0828 quirk table (boo#916608).\n\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210\n (boo#916608).\n - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608).\n - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices\n (boo#916608).\n - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608).\n - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect\n (boo#916608).\n\n - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608).\n - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC\n codecs (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC298 (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC256 (boo#916608).\n - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode\n (boo#916608).\n - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608).\n - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210\n (boo#916608).\n - ALSA: hda/realtek - Add headset Mic support 
for new Dell machine\n (boo#916608).\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608).\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608).\n - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608).\n - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).\n - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608).\n\n - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858).\n\n - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file\n\n - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process\n being killed (VM Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by\n mount (bsc#907988).\n\n - Btrfs: fix scrub race leading to use-after-free (bnc#915456).\n - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).\n - Btrfs: fix fsync log replay for inodes with a mix of regular refs and\n extrefs (bnc#915425).\n - Btrfs: fix fsync when extend references are added to an inode\n (bnc#915425).\n - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425).\n - Btrfs: make xattr replace operations atomic (bnc#913466).\n - Btrfs: fix directory recovery from fsync log (bnc#895797).\n\n - bcache: add mutex lock for bch_is_open (bnc#908612).\n - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610).\n - bcache: fix crash with incomplete cache set (bnc#908608).\n - bcache: fix memory corruption in init error path (bnc#908606).\n - bcache: Fix more early shutdown bugs (bnc#908605).\n - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604).\n - bcache: Fix an infinite loop in journal replay (bnc#908603).\n - bcache: fix typo in bch_bkey_equal_header (bnc#908598).\n - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596).\n - bcache: fix crash on shutdown in passthrough mode (bnc#908594).\n - 
bcache: fix lockdep warnings on shutdown (bnc#908593).\n - bcache allocator: send discards with correct size (bnc#908592).\n - bcache: Fix to remove the rcu_sched stalls (bnc#908589).\n - bcache: Fix a journal replay bug (bnc#908588).\n\n - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver\n is already enabled on i386 and history suggests that it not being\n enabled on x86_64 is by mistake.\n\n - rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n\n - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"\n (bnc#900811).\n\n - mm: free compound page with correct order (bnc#913695).\n\n - drm/i915: More cautious with pch fifo underruns (boo#907039).\n\n - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge\n support)\n\n - x86/microcode/intel: Fish out the stashed microcode for the BSP\n (bsc#903589).\n - x86, microcode: Reload microcode on resume (bsc#903589).\n - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589).\n - x86, microcode, intel: Drop unused parameter (bsc#903589).\n - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context\n (bsc#903589).\n - x86, microcode: Update BSPs microcode on resume (bsc#903589).\n - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589).\n - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589).\n - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589).\n\n - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware\n download (bnc#911311).\n\n - drm/radeon: fix sad_count check for dce3 (bnc#911356).\n\n - drm/i915: Don't call intel_prepare_page_flip() multiple times\n on gen2-4 (bnc#911835).\n\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify symlink size before loading it.\n - udf: Verify i_size when loading inode.\n\n - arm64: Enable DRM\n\n - arm64: Enable generic PHB driver (bnc#912061).\n\n 
- ACPI / video: Add some Samsung models to disable_native_backlight list\n (boo#905681).\n\n - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438).\n - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438).\n - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).\n - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438).\n - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438).\n\n - Input: synaptics - gate forcepad support by DMI check (bnc#911578).\n\n - ext4: introduce aging to extent status tree (bnc#893428).\n - ext4: cleanup flag definitions for extent status tree (bnc#893428).\n - ext4: limit number of scanned extents in status tree shrinker\n (bnc#893428).\n - ext4: move handling of list of shrinkable inodes into extent status code\n (bnc#893428).\n - ext4: change LRU to round-robin in extent status tree shrinker\n (bnc#893428).\n - ext4: cache extent hole in extent status tree for ext4_da_map_blocks()\n (bnc#893428).\n - ext4: fix block reservation for bigalloc filesystems (bnc#893428).\n - ext4: track extent status tree shrinker delay statictics (bnc#893428).\n - ext4: improve extents status tree trace point (bnc#893428).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft\n packages (bnc#901925)\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot cert in\n /etc/uefi/certs\n\n - doc/README.SUSE: update Solid Driver team contacts\n\n - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199)\n\n - Port module signing changes from SLE11-SP3 (fate#314508)\n\n - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document\n after installation.\n\n", "edition": 1, "modified": "2015-04-13T14:04:48", "published": "2015-04-13T14:04:48", "id": 
"OPENSUSE-SU-2015:0713-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html", "title": "Security update for Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5313", "CVE-2014-9420", "CVE-2014-3673", "CVE-2014-3688", "CVE-2014-8160", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-3185", "CVE-2014-9584", "CVE-2013-7263", "CVE-2014-0181", "CVE-2012-6657", "CVE-2014-7842", "CVE-2014-9585", "CVE-2013-4299", "CVE-2014-3184", "CVE-2014-3687"], "edition": 1, "description": "The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix\n security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2013-4299: Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6\n allowed remote authenticated users to obtain sensitive information\n or modify data via a crafted mapping to a snapshot block device\n (bnc#846404).\n * CVE-2014-8160: SCTP firewalling failed until the SCTP module was\n loaded (bnc#913059).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock\n Ridge 
continuation entries, which allowed local users to cause a\n denial of service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#911325).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 2.6.38 allowed L2 guest OS users to cause a denial of\n service (L1 guest OS crash) via a crafted instruction that triggers\n an L2 emulation failure report, a similar issue to CVE-2014-7842\n (bnc#907822).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n 
crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in\n the Linux kernel before 3.5.7 did not ensure that a keepalive action\n is associated with a stream socket, which allowed local users to\n cause a denial of service (system crash) by leveraging the ability\n to create a raw socket (bnc#896779).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might 
allow physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n\n The following non-security bugs have been fixed:\n\n * KVM: SVM: Make Use of the generic guest-mode functions (bnc#907822).\n * KVM: inject #UD if instruction emulation fails and exit to userspace\n (bnc#907822).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: skip request queue cleanup if no elevator is assigned\n (bnc#899338).\n * isofs: Fix unchecked printing of ER records.\n * Re-enable nested-spinlocks-backport patch for xen (bnc#908870).\n * time, ntp: Do not update time_state in middle of leap second\n (bnc#912916).\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * udf: Check component length before reading it.\n * udf: Check path length when reading symlink.\n * udf: Verify i_size when loading inode.\n * udf: Verify symlink size before loading it.\n * vt: prevent race between modifying and reading unicode map\n (bnc#915826).\n * writeback: Do not sync data dirtied after sync start (bnc#833820).\n * xfs: Avoid blocking on inode flush in background inode reclaim\n (bnc#892235).\n\n Security Issues:\n\n * CVE-2010-5313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313</a>>\n * CVE-2012-6657\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657</a>>\n * CVE-2013-4299\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8160\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9420\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "modified": "2015-04-02T02:06:32", "published": "2015-04-02T02:06:32", "id": "SUSE-SU-2015:0652-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9420", "CVE-2015-3331", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-1805"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1081\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. 
(CVE-2015-1805,\nImportant)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode decryption\nfunctionality handled fragmented packets. A remote attacker could use this\nflaw to crash, or potentially escalate their privileges on, a system over a\nconnection with an active AES-GCM mode IPSec security association.\n(CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting \nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was \ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/033203.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1081.html", "edition": 3, "modified": "2015-06-10T09:06:44", "published": "2015-06-10T09:06:44", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/033203.html", "id": "CESA-2015:1081", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5364", "CVE-2015-5366", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2014-9585", "CVE-2015-4700"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1778\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system by\ncreating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700,\nImportant)\n\n* Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. 
(CVE-2015-5364, CVE-2015-5366, Important)\n\n* A flaw was found in the way the Linux kernel's ext4 file system handled\nthe \"page size > block size\" condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n* It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. (CVE-2015-3212, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,\nand Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275\nissue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue\nwas discovered by Ji Jianwen of Red Hat Engineering.\n\nThis update also fixes several bugs. Refer to the following Knowledgebase\narticle for further information:\n\nhttps://access.redhat.com/articles/1614563\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/033433.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1778.html", "edition": 3, "modified": "2015-09-16T12:54:26", "published": "2015-09-16T12:54:26", "href": "http://lists.centos.org/pipermail/centos-announce/2015-September/033433.html", "id": "CESA-2015:1778", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9585", "CVE-2015-1805", "CVE-2015-3331"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n* A buffer overflow flaw was found in the way the Linux kernel's Intel\nAES-NI instructions optimized version of the RFC4106 GCM mode decryption\nfunctionality handled fragmented packets. 
A remote attacker could use this\nflaw to crash, or potentially escalate their privileges on, a system over a\nconnection with an active AES-GCM mode IPSec security association.\n(CVE-2015-3331, Important)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting \nCVE-2014-9420. The security impact of the CVE-2015-1805 issue was \ndiscovered by Red Hat.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. 
The system must be rebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-06-09T04:00:00", "id": "RHSA-2015:1081", "href": "https://access.redhat.com/errata/RHSA-2015:1081", "type": "redhat", "title": "(RHSA-2015:1081) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9585", "CVE-2015-0275", "CVE-2015-1333", "CVE-2015-3212", "CVE-2015-5364", "CVE-2015-5366"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\n* A flaw was found in the way the Linux kernel's ext4 file system handled\nthe \"page size > block size\" condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n* It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. 
(CVE-2015-3212, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Canonical for reporting the CVE-2015-1333\nissue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and\nthe CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat\nEngineering.\n\nThis update provides a build of the kernel-rt package for Red Hat\nEnterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes\nthe following issues:\n\n* Fix regression in scsi_send_eh_cmnd()\n\n* boot hangs at \"Console: switching to colour dummy device 80x25\"\n\n* Update tcp stack to 3.17 kernel\n\n* ksoftirqd high CPU usage due to stray tasklet from ioatdma driver\n\n(BZ#1245345)\n\nThis update also fixes the following bugs:\n\n* The configuration option CONFIG_RTC_HCTOSYS was disabled on the realtime\nkernel causing the RTC clock to be adjusted with the UTC time even if the\nsystem is configured to set the RTC to the local time. By enabling the\nCONFIG_RTC_HCTOSYS configuration option, when the system is configured to\nuse local time, RTC will correctly update with the local time and not try\nto use another timezone. (BZ#1248047)\n\n* In the realtime kernel, if a rt_mutex was taken while in interrupt\ncontext the normal priority inheritance protocol would falsely identify a\ndeadlock and trigger a kernel crash. The patch that added the rt_mutex in\nthis interrupt context was reverted. (BZ#1250649)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:23", "published": "2015-09-15T04:00:00", "id": "RHSA-2015:1787", "href": "https://access.redhat.com/errata/RHSA-2015:1787", "type": "redhat", "title": "(RHSA-2015:1787) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9585", "CVE-2015-0275", "CVE-2015-1333", "CVE-2015-3212", "CVE-2015-4700", "CVE-2015-5364", "CVE-2015-5366"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system by\ncreating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700,\nImportant)\n\n* Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\n* A flaw was found in the way the Linux kernel's ext4 file system handled\nthe \"page size > block size\" condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n* It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. 
A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. (CVE-2015-3212, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,\nand Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275\nissue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue\nwas discovered by Ji Jianwen of Red Hat Engineering.\n\nThis update also fixes several bugs. Refer to the following Knowledgebase\narticle for further information:\n\nhttps://access.redhat.com/articles/1614563\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2018-04-12T03:33:11", "published": "2015-09-15T04:00:00", "id": "RHSA-2015:1778", "href": "https://access.redhat.com/errata/RHSA-2015:1778", "type": "redhat", "title": "(RHSA-2015:1778) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9585", "CVE-2015-0275", "CVE-2015-1333", "CVE-2015-3212", "CVE-2015-4700", "CVE-2015-5364", "CVE-2015-5366"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system by\ncreating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700,\nImportant)\n\n* Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\n* A flaw was found in the way the Linux kernel's ext4 file system handled\nthe \"page size > block size\" condition when the fallocate zero range\nfunctionality was used. A local attacker could use this flaw to crash the\nsystem. (CVE-2015-0275, Moderate)\n\n* It was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. 
A local\nattacker could use this flaw to exhaust all available memory on the system.\n(CVE-2015-1333, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's SCTP\nimplementation handled Address Configuration lists when performing Address\nConfiguration Change (ASCONF). A local attacker could use this flaw to\ncrash the system via a race condition triggered by setting certain ASCONF\noptions on a socket. (CVE-2015-3212, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's Virtual\nDynamic Shared Object (vDSO) implementation performed address\nrandomization. A local, unprivileged user could use this flaw to leak\nkernel memory addresses to user-space. (CVE-2014-9585, Low)\n\nRed Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,\nand Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275\nissue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue\nwas discovered by Ji Jianwen of Red Hat Engineering.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.13.1, which\nprovides a number of bug fixes and enhancements over the previous version,\nincluding:\n\n* Fix regression in scsi_send_eh_cmnd()\n\n* boot hangs at \"Console: switching to colour dummy device 80x25\"\n\n* Update tcp stack to 3.17 kernel\n\n* Missing some code from patch \"(...) Fix VGA switcheroo problem related to\nhotplug\"\n\n* ksoftirqd high CPU usage due to stray tasklet from ioatdma driver\n\n* During Live Partition Mobility (LPM) testing, RHEL 7.1 LPARs will crash\nin kmem_cache_alloc\n\n(BZ#1253809)\n\nThis update also fixes the following bug:\n\n* The hwlat_detector.ko module samples the clock and records any intervals\nbetween reads that exceed a specified threshold. However, the module\npreviously tracked the maximum interval seen for the \"inner\" interval but\ndid not record when the \"outer\" interval was greater. 
A patch has been\napplied to fix this bug, and hwlat_detector.ko now correctly records if the\nouter interval is the maximal interval encountered during the run.\n(BZ#1252365)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. The system must be\nrebooted for this update to take effect.", "modified": "2018-03-19T16:29:52", "published": "2015-08-12T16:47:33", "id": "RHSA-2015:1788", "href": "https://access.redhat.com/errata/RHSA-2015:1788", "type": "redhat", "title": "(RHSA-2015:1788) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-9529", "CVE-2014-8160", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-7970"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nA flaw was discovered in the automatic loading of modules in the crypto \nsubsystem of the Linux kernel. A local user could exploit this flaw to load \ninstalled kernel modules, increasing the attack surface and potentially \nusing this to gain administrative privileges. (CVE-2013-7421)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. 
This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nA flaw was discovered in the crypto subsystem when screening module names \nfor automatic module loading if the name contained a valid crypto module \nname, eg. vfat(aes). A local user could exploit this flaw to load installed \nkernel modules, increasing the attack surface and potentially using this to \ngain administrative privileges. (CVE-2014-9644)", "edition": 6, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2514-1", "href": "https://ubuntu.com/security/notices/USN-2514-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-9529", "CVE-2014-8160", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-7970"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. 
A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nA flaw was discovered in the automatic loading of modules in the crypto \nsubsystem of the Linux kernel. A local user could exploit this flaw to load \ninstalled kernel modules, increasing the attack surface and potentially \nusing this to gain administrative privileges. (CVE-2013-7421)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nA flaw was discovered in the crypto subsystem when screening module names \nfor automatic module loading if the name contained a valid crypto module \nname, eg. vfat(aes). 
A local user could exploit this flaw to load installed \nkernel modules, increasing the attack surface and potentially using this to \ngain administrative privileges. (CVE-2014-9644)", "edition": 6, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2513-1", "href": "https://ubuntu.com/security/notices/USN-2513-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the Linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). 
(CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. 
(CVE-2014-9683)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2515-1", "href": "https://ubuntu.com/security/notices/USN-2515-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:44:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated \nregression in the use of the virtual counter (CNTVCT) on arm64 architectures. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the Linux kernel. 
A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. 
A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-02-28T00:00:00", "published": "2015-02-28T00:00:00", "id": "USN-2516-2", "href": "https://ubuntu.com/security/notices/USN-2516-2", "title": "Linux kernel vulnerability regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in \nUSN-2516-2 was incomplete. There was an unrelated regression in the use of \nthe virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. 
This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. 
\n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2516-3", "href": "https://ubuntu.com/security/notices/USN-2516-3", "title": "Linux kernel vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:33:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated \nregression in the use of the virtual counter (CNTVCT) on arm64 architectures. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. 
\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. 
\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2515-2", "href": "https://ubuntu.com/security/notices/USN-2515-2", "title": "Linux kernel (Trusty HWE) vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. 
\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. 
\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2516-1", "href": "https://ubuntu.com/security/notices/USN-2516-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:37:09", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-9728", "CVE-2014-8989", "CVE-2014-9730", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9729", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9731", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. 
\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. 
\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. 
(CVE-2014-9731)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2517-1", "href": "https://ubuntu.com/security/notices/USN-2517-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T01:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-9728", "CVE-2014-8989", "CVE-2014-9730", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9729", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9731", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. 
A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. 
A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. 
(CVE-2014-9731)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2518-1", "href": "https://ubuntu.com/security/notices/USN-2518-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-9322", "CVE-2014-9588", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "Protection bypass, privilege escalation, DoS.", "edition": 1, "modified": "2015-01-18T00:00:00", "published": "2015-01-18T00:00:00", "id": "SECURITYVULNS:VULN:14217", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14217", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3160-1 security@debian.org\r\nhttp://www.debian.org/security/ Ben Hutchings\r\nFebruary 23, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux\r\nCVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 \r\n CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239\r\n CVE-2015-1420 CVE-2015-1421 CVE-2015-1593\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a denial of service, information leaks or 
privilege\r\nescalation.\r\n\r\nCVE-2013-7421 / CVE-2014-9644\r\n\r\n It was discovered that the Crypto API allowed unprivileged users\r\n to load arbitrary kernel modules. A local user can use this flaw\r\n to exploit vulnerabilities in modules that would not normally be\r\n loaded.\r\n\r\nCVE-2014-7822\r\n\r\n Akira Fujita found that the splice() system call did not validate\r\n the given file offset and length. A local unprivileged user can use\r\n this flaw to cause filesystem corruption on ext4 filesystems, or\r\n possibly other effects.\r\n\r\nCVE-2014-8160\r\n\r\n Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\r\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\r\n port/endpoint could result in incorrect connection tracking state.\r\n If only the generic connection tracking module (nf_conntrack) was\r\n loaded, and not the protocol-specific connection tracking module,\r\n this would allow access to any port/endpoint of the specified\r\n protocol.\r\n\r\nCVE-2014-8559\r\n\r\n It was found that kernel functions that iterate over a directory\r\n tree can dead-lock or live-lock in case some of the directory\r\n entries were recently deleted or dropped from the cache. A local\r\n unprivileged user can use this flaw for denial of service.\r\n\r\nCVE-2014-9585\r\n\r\n Andy Lutomirski discovered that address randomisation for the vDSO\r\n in 64-bit processes is extremely biased. A local unprivileged user\r\n could potentially use this flaw to bypass the ASLR protection\r\n mechanism.\r\n\r\nCVE-2014-9683\r\n\r\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\r\n the allocated buffer during encrypted filename decoding, resulting\r\n in local denial of service.\r\n\r\nCVE-2015-0239\r\n\r\n It was found that KVM did not correctly emulate the x86 SYSENTER\r\n instruction. 
An unprivileged user within a guest system that has\r\n not enabled SYSENTER, for example because the emulated CPU vendor\r\n is AMD, could potentially use this flaw to cause a denial of\r\n service or privilege escalation in that guest.\r\n\r\nCVE-2015-1420\r\n\r\n It was discovered that the open_by_handle_at() system call reads\r\n the handle size from user memory a second time after validating\r\n it. A local user with the CAP_DAC_READ_SEARCH capability could use\r\n this flaw for privilege escalation.\r\n\r\nCVE-2015-1421\r\n\r\n It was found that the SCTP implementation could free an\r\n authentication state while it was still in use, resulting in heap\r\n corruption. This could allow remote users to cause a denial of\r\n service or privilege escalation.\r\n\r\nCVE-2015-1593\r\n\r\n It was found that address randomisation for the initial stack in\r\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\r\n A local unprivileged user could potentially use this flaw to\r\n bypass the ASLR protection mechanism.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 3.2.65-1+deb7u2. 
Additionally this update fixes regressions\r\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\r\n\r\nFor the upcoming stable distribution (jessie), these problems will be fixed\r\nsoon (a subset is fixed already).\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon\r\n(a subset is fixed already).\r\n\r\nWe recommend that you upgrade your linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJU62ZxAAoJEBDCk7bDfE42ii8P/0HlB7eLQP9bg46DAQfg6mzi\r\nQrLP3IbL/T3xtE9mbNDYSJ+5ndKdDEwZ73iFt+2lWsBu9Xmyyq0866NWc054jIV7\r\nhXrHb4gohrl1ZsShfPrq0ZwcMpg+nc9lLMTson2VXHDFV9LViI7NV1cjykQv+/FV\r\n9n5sfzDhsSPaI8tjzy6AU0ThKTfGFDXK64zBHuKRRO1WSQwcFtdFs05R6BS5VWrT\r\nwA/TT319syn9FCacMmnGkre00nCZyHsws4B2TAsiVdXPVeaOpHOxmRJIF+P6FOqE\r\nkkj7uxdyc2xPCupVmQghv37cgI4hnEBiAMyr4GtyDqnSEKpLgDGtLmkzd1dxyh3t\r\nteMIqbbvKpVqCeXnBbzWZzQBMNM8E9cx7tM0zxflc6GLMhenlTWqyDqLUPVxNnCW\r\nj0M3nI55a7Tcn3cTOce5+HOGUUfMyHnM81tUP8akr9EkzL3PKDbE5099yD2USa3W\r\ng4OLs6sm4YSrp0nGVvuFT5J/avrL3RtEojCc6oiHpKagjDj42B3hLPnea4fusdzd\r\nMe0m3HSkOSi5Y/9Bi7imLIGwmDpb+p/OKXGWwKwEQc8yH/cx30my6VSX0V+3meNN\r\nqv/aKaTZOEI35pS3qrC0EyP+J3bJbq0oKM/wce/lykXgeCQ+5yYZlN5wYbdelKiC\r\nlP51Rd4fMF4PWh9NyqxG\r\n=ICMx\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:DOC:31766", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31766", "title": "[SECURITY] [DSA 3170-1] linux security update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-9644", 
"CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2015-1465", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9585"], "description": "DoS, information disclosure, privilege escalation.", "edition": 1, "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "SECURITYVULNS:VULN:14292", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14292", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2010-5313", "CVE-2014-9529", "CVE-2014-9420", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-6417", "CVE-2014-9322", "CVE-2014-6416", "CVE-2014-8884", "CVE-2014-6418", "CVE-2014-9584", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-7842", "CVE-2014-9585"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:027\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : kernel\r\n Date : January 16, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in the Linux\r\n kernel:\r\n \r\n The SCTP implementation in the Linux kernel before 3.17.4 allows\r\n remote attackers to cause a denial of service (memory consumption) by\r\n triggering a large number of chunks in an association's output queue,\r\n as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\r\n net/sctp/sm_statefuns.c (CVE-2014-3688=.\r\n \r\n Buffer overflow in 
net/ceph/auth_x.c in Ceph, as used in the Linux\r\n kernel before 3.16.3, allows remote attackers to cause a denial of\r\n service (memory corruption and panic) or possibly have unspecified\r\n other impact via a long unencrypted auth ticket (CVE-2014-6416).\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,\r\n does not properly consider the possibility of kmalloc failure, which\r\n allows remote attackers to cause a denial of service (system crash)\r\n or possibly have unspecified other impact via a long unencrypted auth\r\n ticket (CVE-2014-6417).\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before\r\n 3.16.3, does not properly validate auth replies, which allows remote\r\n attackers to cause a denial of service (system crash) or possibly\r\n have unspecified other impact via crafted data from the IP address\r\n of a Ceph Monitor (CVE-2014-6418).\r\n \r\n The sctp_process_param function in net/sctp/sm_make_chunk.c in the\r\n SCTP implementation in the Linux kernel before 3.17.4, when ASCONF\r\n is used, allows remote attackers to cause a denial of service (NULL\r\n pointer dereference and system crash) via a malformed INIT chunk\r\n (CVE-2014-7841).\r\n \r\n Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4\r\n allows guest OS users to cause a denial of service (guest OS crash)\r\n via a crafted application that performs an MMIO transaction or a\r\n PIO transaction to trigger a guest userspace emulation error report,\r\n a similar issue to CVE-2010-5313 (CVE-2014-7842).\r\n \r\n arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation\r\n in the Linux kernel through 3.18.1 allows local users to bypass the\r\n espfix protection mechanism, and consequently makes it easier for\r\n local users to bypass the ASLR protection mechanism, via a crafted\r\n application that makes a set_thread_area system call and later reads\r\n a 16-bit value (CVE-2014-8133).\r\n \r\n Stack-based buffer 
overflow in the\r\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\r\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before\r\n 3.17.4 allows local users to cause a denial of service (system crash)\r\n or possibly gain privileges via a large message length in an ioctl call\r\n (CVE-2014-8884).\r\n \r\n The do_double_fault function in arch/x86/kernel/traps.c in the Linux\r\n kernel through 3.17.4 does not properly handle faults associated with\r\n the Stack Segment (SS) segment register, which allows local users\r\n to cause a denial of service (panic) via a modify_ldt system call,\r\n as demonstrated by sigreturn_32 in the linux-clock-tests test suite\r\n (CVE-2014-9090).\r\n \r\n arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does\r\n not properly handle faults associated with the Stack Segment (SS)\r\n segment register, which allows local users to gain privileges by\r\n triggering an IRET instruction that leads to access to a GS Base\r\n address from the wrong space (CVE-2014-9322).\r\n \r\n The __switch_to function in arch/x86/kernel/process_64.c in the Linux\r\n kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)\r\n descriptors are loaded before proceeding with other steps, which makes\r\n it easier for local users to bypass the ASLR protection mechanism via\r\n a crafted application that reads a TLS base address (CVE-2014-9419).\r\n \r\n The rock_continue function in fs/isofs/rock.c in the Linux kernel\r\n through 3.18.1 does not restrict the number of Rock Ridge continuation\r\n entries, which allows local users to cause a denial of service\r\n (infinite loop, and system crash or hang) via a crafted iso9660 image\r\n (CVE-2014-9420).\r\n \r\n Race condition in the key_gc_unused_keys function in security/keys/gc.c\r\n in the Linux kernel through 3.18.2 allows local users to cause a denial\r\n of service (memory corruption or panic) or possibly have unspecified\r\n other impact via keyctl commands that trigger 
access to a key structure\r\n member during garbage collection of a key (CVE-2014-9529).\r\n \r\n The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in\r\n the Linux kernel before 3.18.2 does not validate a length value in\r\n the Extensions Reference (ER) System Use Field, which allows local\r\n users to obtain sensitive information from kernel memory via a crafted\r\n iso9660 image (CVE-2014-9584).\r\n \r\n The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel\r\n through 3.18.2 does not properly choose memory locations for the\r\n vDSO area, which makes it easier for local users to bypass the ASLR\r\n protection mechanism by guessing a location at the end of a PMD\r\n (CVE-2014-9585).\r\n \r\n The updated packages provides a solution for these security issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6416\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6417\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6418\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 
1/X86_64:\r\n 84b2f7fd994f5ed9738484492cf1f6fb mbs1/x86_64/cpupower-3.4.105-2.1.mbs1.x86_64.rpm\r\n 3b7822069fb7f64c5954038f2a352816 mbs1/x86_64/kernel-firmware-3.4.105-2.1.mbs1.noarch.rpm\r\n 137bd01930fe4bdc9d1b7f095fd3237e mbs1/x86_64/kernel-headers-3.4.105-2.1.mbs1.x86_64.rpm\r\n 66eb79923df892f0492dc8b4011e3f47 mbs1/x86_64/kernel-server-3.4.105-2.1.mbs1.x86_64.rpm\r\n 6f24362ea683103e480874c2ff93407a mbs1/x86_64/kernel-server-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 36aee1a085a5083200a7ffbd5da543f6 mbs1/x86_64/kernel-source-3.4.105-2.mbs1.noarch.rpm\r\n 93aef55bcc1f02263e07541db93b45ce mbs1/x86_64/lib64cpupower0-3.4.105-2.1.mbs1.x86_64.rpm\r\n f73d1f80d3d0db90a63d3889b71cc60f mbs1/x86_64/lib64cpupower-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 854eb4e04b196c33441ce932ba48dfc7 mbs1/x86_64/perf-3.4.105-2.1.mbs1.x86_64.rpm \r\n 4727802fbd1d77523b157b7fd36177ea mbs1/SRPMS/cpupower-3.4.105-2.1.mbs1.src.rpm\r\n 1f2e120416115a646e0026e6079ac9df mbs1/SRPMS/kernel-firmware-3.4.105-2.1.mbs1.src.rpm\r\n cf4f1bbc72cb9369162703efa7b5adc3 mbs1/SRPMS/kernel-headers-3.4.105-2.1.mbs1.src.rpm\r\n 145c57c74bc2346e9435284873062057 mbs1/SRPMS/kernel-server-3.4.105-2.1.mbs1.src.rpm\r\n 7154bb874ff6fd31772fa2e03fc0a186 mbs1/SRPMS/kernel-source-3.4.105-2.mbs1.src.rpm\r\n acd00535b878c07c70ac0b2680d1b9cc mbs1/SRPMS/perf-3.4.105-2.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUuULOmqjQ0CJFipgRAmTfAJ40ZrILR8XPoduEMKuokkZuOV2rXwCg424o\r\nPM+ddh+qKQrHCeweXyb+AdU=\r\n=zMRK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-01-18T00:00:00", "published": "2015-01-18T00:00:00", "id": "SECURITYVULNS:DOC:31621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31621", "title": "[ MDVSA-2015:027 ] kernel", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585"], "description": "The kernel meta package ", "modified": "2015-01-26T02:31:22", "published": "2015-01-26T02:31:22", "id": "FEDORA:4F15F6087C54", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.18.3-201.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-1465"], "description": "The kernel meta package ", "modified": 
"2015-02-06T04:00:35", "published": "2015-02-06T04:00:35", "id": "FEDORA:8EFBC604949F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.18.5-201.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593"], "description": "The kernel meta package ", "modified": "2015-03-09T08:17:35", "published": "2015-03-09T08:17:35", "id": "FEDORA:E1CE2605E17A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.18.8-201.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150"], "description": "The kernel meta package ", "modified": "2015-03-21T05:01:11", "published": "2015-03-21T05:01:11", "id": "FEDORA:1661D600FD84", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.19.1-201.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3160-1 security@debian.org\nhttp://www.debian.org/security/ Ben Hutchings\nFebruary 23, 2015 
http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 \n CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239\n CVE-2015-1420 CVE-2015-1421 CVE-2015-1593\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.\n\nCVE-2013-7421 / CVE-2014-9644\n\n It was discovered that the Crypto API allowed unprivileged users\n to load arbitrary kernel modules. A local user can use this flaw\n to exploit vulnerabilities in modules that would not normally be\n loaded.\n\nCVE-2014-7822\n\n Akira Fujita found that the splice() system call did not validate\n the given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.\n\nCVE-2014-8160\n\n Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.\n\nCVE-2014-8559\n\n It was found that kernel functions that iterate over a directory\n tree can dead-lock or live-lock in case some of the directory\n entries were recently deleted or dropped from the cache. A local\n unprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\n\n Andy Lutomirski discovered that address randomisation for the vDSO\n in 64-bit processes is extremely biased. 
A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.\n\nCVE-2014-9683\n\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.\n\nCVE-2015-0239\n\n It was found that KVM did not correctly emulate the x86 SYSENTER\n instruction. An unprivileged user within a guest system that has\n not enabled SYSENTER, for example because the emulated CPU vendor\n is AMD, could potentially use this flaw to cause a denial of\n service or privilege escalation in that guest.\n\nCVE-2015-1420\n\n It was discovered that the open_by_handle_at() system call reads\n the handle size from user memory a second time after validating\n it. A local user with the CAP_DAC_READ_SEARCH capability could use\n this flaw for privilege escalation.\n\nCVE-2015-1421\n\n It was found that the SCTP implementation could free an\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.\n\nCVE-2015-1593\n\n It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u2. 
Additionally this update fixes regressions\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).\n\nFor the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-23T17:43:08", "published": "2015-02-23T17:43:08", "id": "DEBIAN:DSA-3170-1:F6570", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00056.html", "title": "[SECURITY] [DSA 3170-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:15:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "Package : linux-2.6\nVersion : 2.6.32-48squeeze11\nCVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 \n CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585\n\t\t CVE-2015-1421 CVE-2015-1593\n\nThis update fixes the CVEs described below.\n\nA further issue, CVE-2014-9419, was considered, but appears to require\nextensive changes with a consequent high risk of regression. It is\nnow unlikely to be fixed in squeeze-lts.\n\nCVE-2013-6885\n\n It was discovered that under specific circumstances, a combination\n of write operations to write-combined memory and locked CPU\n instructions may cause a core hang on AMD 16h 00h through 0Fh\n processors. 
A local user can use this flaw to mount a denial of\n service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\nCVE-2014-7822\n\n It was found that the splice() system call did not validate the\n given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.\n\nCVE-2014-8133\n\n It was found that the espfix functionality can be bypassed by\n installing a 16-bit RW data segment into GDT instead of LDT (which\n espfix checks for) and using it for stack. A local unprivileged user\n could potentially use this flaw to leak kernel stack addresses.\n\nCVE-2014-8134\n\n It was found that the espfix functionality is wrongly disabled in\n a 32-bit KVM guest. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses.\n\nCVE-2014-8160\n\n It was found that a netfilter (iptables or ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.\n\nCVE-2014-9420\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n follows arbitrarily long chains, including loops, of Continuation\n Entries (CEs). 
This allows local users to mount a denial of\n service via a crafted disc image.\n\nCVE-2014-9584\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n does not validate a length value in the Extensions Reference (ER)\n System Use Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted disc image.\n\nCVE-2014-9585\n\n It was discovered that address randomisation for the vDSO in\n 64-bit processes is extremely biassed. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.\n\nCVE-2015-1421\n\n It was found that the SCTP implementation could free\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.\n\nCVE-2015-1593\n\n It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.\n\n\n-- \nBen Hutchings - Debian developer, kernel team member\n", "edition": 7, "modified": "2015-02-18T23:22:33", "published": "2015-02-18T23:22:33", "id": "DEBIAN:DLA-155-1:5E8B0", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00009.html", "title": "[SECURITY] [DLA 155-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}