{"id": "UBUNTU_USN-1914-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-07-30T00:00:00", "modified": "2018-12-01T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "reporter": "Tenable", "references": ["https://usn.ubuntu.com/1914-1/"], "cvelist": ["CVE-2013-2852"], "type": "nessus", "lastseen": "2019-02-21T01:19:49", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "hash": "15534e3cb0400e5b320be02155e4323971c2a64969dfd1244952a94d30b11410", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "5ebefc09f1b29d9e0dad2276c1ad05e8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e7cabb12de5ffa362ad5470536e6b5c7", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "32e8a8cf70ea790dbf68292d68ca0e24", "key": "sourceData"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2016-09-26T17:23:06", "modified": "2016-05-25T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:27:06 $\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_osvdb_id(94034);\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2.0-51-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2.0-51-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2.0-51-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2.0-51-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2.0-51-generic / linux-image-3.2.0-51-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8629a3ad3c42bf38643bb4ea60c3ba2a24449185d64452e0fc8c1591ed451492", "hashmap": [{"hash": "c606eeac2a4fa3653e23cd27d1206082", "key": "sourceData"}, {"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "97454731434b552ff623b783862a4f17", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2018-08-17T17:07:16", "modified": "2018-08-15T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/15 12:24:49\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-17T17:07:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:17:01", "references": [{"idList": ["RHSA-2013:1051", "RHSA-2013:1450", "RHSA-2013:1264", "RHSA-2013:1076", "RHSA-2013:1080"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310841514", "OPENVAS:1361412562310841528", "OPENVAS:1361412562310841527", "OPENVAS:841522", "OPENVAS:1361412562310841512", "OPENVAS:1361412562310841515", "OPENVAS:1361412562310841521", "OPENVAS:841514", "OPENVAS:841528", "OPENVAS:841512"], "type": "openvas"}, {"idList": ["CESA-2013:1051"], "type": "centos"}, {"idList": ["CVE-2013-2852"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:29561", "SECURITYVULNS:VULN:13100"], "type": "securityvulns"}, {"idList": ["ELSA-2013-1051", "ELSA-2013-2546", "ELSA-2013-2537", "ELSA-2013-2538"], "type": "oraclelinux"}, {"idList": ["ORACLELINUX_ELSA-2013-2537.NASL", "UBUNTU_USN-1917-1.NASL", "REDHAT-RHSA-2013-1450.NASL", "UBUNTU_USN-1936-1.NASL", "UBUNTU_USN-1915-1.NASL", "FEDORA_2013-10689.NASL", "UBUNTU_USN-1900-1.NASL", "UBUNTU_USN-1916-1.NASL", "UBUNTU_USN-1919-1.NASL", "UBUNTU_USN-1899-1.NASL"], "type": "nessus"}, {"idList": ["ALAS-2013-218"], "type": "amazon"}, {"idList": ["SSV:60839"], "type": "seebug"}, {"idList": ["EDB-ID:38559"], "type": "exploitdb"}, {"idList": ["SUSE-SU-2013:1473-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-2745-1:9CD12", "DEBIAN:DSA-2766-1:1DD94"], "type": "debian"}, {"idList": ["USN-1914-1", "USN-1920-1", "USN-1915-1", "USN-1900-1", "USN-1919-1", "USN-1916-1", "USN-1930-1", "USN-1917-1", "USN-1899-1", "USN-1918-1"], "type": "ubuntu"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "c89d9e70c737143c5ceb3bffd4cb40d81a596f476ac56e88606d21815bf0b759", "hashmap": [{"hash": "6a3ed4dfb1eb98087830da8f0e4bb20d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "fe9a9c319bd314c5299703db4cf93ba7", "key": "references"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1428f5871b8582e3b5d66efc80ba4478", "key": "sourceData"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2019-01-16T20:17:01", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": ["https://usn.ubuntu.com/1914-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1914-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:17:01"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "c66cc4fb1f7259909e13c420f26d5f5af058a262b9f2fddb938229ac23e8e7cd", "hashmap": [{"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "44df0cc3e04a71259ff4d0869758cdd4", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "1d731490b777bc15c5d9375993128995", "key": "modified"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2017-10-29T13:33:07", "modified": "2016-10-26T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/10/26 14:16:25 $\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_osvdb_id(94034);\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:33:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "d0ccf09c5491053aad7df998cb5739f8ce7f2a751ef64100efed2c5805122409", "hashmap": [{"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "fe9a9c319bd314c5299703db4cf93ba7", "key": "references"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1428f5871b8582e3b5d66efc80ba4478", "key": "sourceData"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2018-12-02T15:21:05", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": ["https://usn.ubuntu.com/1914-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1914-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-12-02T15:21:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {}, "hash": "a6d196e522e4b5c961826f6da01dee214854c9ada7317d8d7d2ba7da56a635e5", "hashmap": [{"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "44df0cc3e04a71259ff4d0869758cdd4", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "1d731490b777bc15c5d9375993128995", "key": "modified"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2016-10-26T21:23:14", "modified": "2016-10-26T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/10/26 14:16:25 $\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_osvdb_id(94034);\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 10}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-10-26T21:23:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "d39ac89f04f7a28bb523ca70a7a074599ae1b3a85306b3e48efd00ef33425d77", "hashmap": [{"hash": "c606eeac2a4fa3653e23cd27d1206082", "key": "sourceData"}, {"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "97454731434b552ff623b783862a4f17", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2018-08-30T19:30:01", "modified": "2018-08-15T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/15 12:24:49\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:30:01"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "cvelist": ["CVE-2013-2852"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8629a3ad3c42bf38643bb4ea60c3ba2a24449185d64452e0fc8c1591ed451492", "hashmap": [{"hash": "c606eeac2a4fa3653e23cd27d1206082", "key": "sourceData"}, {"hash": "e98da1909a73c93b1d00657dd74bc283", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "239eb4b07ebbe930903b3e75c1404fb8", "key": "href"}, {"hash": "3dd8d2d749b7b1856a095830e996bcc6", "key": "pluginID"}, {"hash": "2ec57e3401442eccf281b34d2546eef3", "key": "published"}, {"hash": "4deb66481bee846993d6fd38c2bd3cfa", "key": "title"}, {"hash": "584146a6771679e1f8a19a6e44786f1f", "key": "cpe"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0d4728c0d1697d32748c73ffca2aa35e", "key": "cvelist"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "97454731434b552ff623b783862a4f17", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69123", "id": "UBUNTU_USN-1914-1.NASL", "lastseen": "2018-09-01T23:33:03", "modified": "2018-08-15T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "69123", "published": "2013-07-30T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/15 12:24:49\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)", "type": "nessus", "viewCount": 12}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:33:03"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "584146a6771679e1f8a19a6e44786f1f"}, {"key": "cvelist", "hash": "0d4728c0d1697d32748c73ffca2aa35e"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "e98da1909a73c93b1d00657dd74bc283"}, {"key": "href", "hash": "239eb4b07ebbe930903b3e75c1404fb8"}, {"key": "modified", "hash": "0b7bc3d628637c0ff555114c533a3dda"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "3dd8d2d749b7b1856a095830e996bcc6"}, {"key": "published", "hash": "2ec57e3401442eccf281b34d2546eef3"}, {"key": "references", "hash": "fe9a9c319bd314c5299703db4cf93ba7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "1428f5871b8582e3b5d66efc80ba4478"}, {"key": "title", "hash": "4deb66481bee846993d6fd38c2bd3cfa"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d0ccf09c5491053aad7df998cb5739f8ce7f2a751ef64100efed2c5805122409", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2852"]}, {"type": "openvas", "idList": ["OPENVAS:841521", "OPENVAS:1361412562310841512", "OPENVAS:1361412562310841528", "OPENVAS:841522", "OPENVAS:1361412562310841521", "OPENVAS:1361412562310841514", "OPENVAS:841527", "OPENVAS:1361412562310841527", "OPENVAS:841515", "OPENVAS:841528"]}, {"type": "seebug", "idList": ["SSV:60839"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1915-1.NASL", "UBUNTU_USN-1916-1.NASL", "UBUNTU_USN-1919-1.NASL", "UBUNTU_USN-1917-1.NASL", "UBUNTU_USN-1900-1.NASL", "UBUNTU_USN-1899-1.NASL", "REDHAT-RHSA-2013-1450.NASL", "FEDORA_2013-10689.NASL", "UBUNTU_USN-1936-1.NASL", "ORACLELINUX_ELSA-2013-2537.NASL"]}, {"type": "ubuntu", "idList": ["USN-1917-1", "USN-1915-1", "USN-1914-1", "USN-1918-1", "USN-1920-1", "USN-1930-1", "USN-1916-1", "USN-1919-1", "USN-1899-1", "USN-1900-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38559"]}, {"type": "redhat", "idList": ["RHSA-2013:1450", "RHSA-2013:1080", "RHSA-2013:1051", "RHSA-2013:1264", "RHSA-2013:1076"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-2537", "ELSA-2013-2538", "ELSA-2013-1051", "ELSA-2013-2546"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2745-1:9CD12", "DEBIAN:DSA-2766-1:1DD94"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1473-1"]}, {"type": "centos", "idList": ["CESA-2013:1051"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29561", "SECURITYVULNS:VULN:13100"]}, {"type": "amazon", "idList": ["ALAS-2013-218"]}], "modified": "2019-02-21T01:19:49"}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-02-21T01:19:49"}, "vulnersScore": 6.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1914-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69123);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1914-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1914-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-generic-pae\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-highbank\", pkgver:\"3.2.0-51.77\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-51-virtual\", pkgver:\"3.2.0-51.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "69123", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:13:02", "bulletinFamily": "NVD", "description": "Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.", "modified": "2017-11-18T02:29:00", "id": "CVE-2013-2852", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2852", "published": "2013-06-07T14:03:00", "title": "CVE-2013-2852", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-24T11:10:16", "bulletinFamily": "scanner", "description": "Check for the Version of linux-lts-raring", "modified": "2018-01-24T00:00:00", "published": "2013-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841522", "id": "OPENVAS:841522", "title": "Ubuntu Update for linux-lts-raring USN-1916-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1916_1.nasl 8509 2018-01-24 06:57:46Z teissa $\n#\n# Ubuntu Update for linux-lts-raring USN-1916-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841522);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:47:38 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-raring USN-1916-1\");\n\n tag_insight = \"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\";\n\n tag_affected = \"linux-lts-raring on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1916-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1916-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-raring\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.8.0-27-generic\", ver:\"3.8.0-27.40~precise3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-08-08T00:00:00", "id": "OPENVAS:1361412562310841514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841514", "title": "Ubuntu Update for linux USN-1917-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1917_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1917-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841514\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:43:29 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1917-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1917-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1917-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-generic\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-highbank\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-omap\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-powerpc-smp\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-powerpc64-smp\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-08-08T00:00:00", "id": "OPENVAS:1361412562310841521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841521", "title": "Ubuntu Update for linux-lts-quantal USN-1915-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1915_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-quantal USN-1915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841521\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:47:36 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1915-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-quantal on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1915-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1915-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-quantal'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-generic\", ver:\"3.5.0-37.58~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-08-08T00:00:00", "id": "OPENVAS:1361412562310841512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841512", "title": "Ubuntu Update for linux-ti-omap4 USN-1918-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1918_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1918-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841512\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:42:03 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1918-1\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1918-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1918-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-229-omap4\", ver:\"3.5.0-229.42\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-08-08T00:00:00", "id": "OPENVAS:1361412562310841528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841528", "title": "Ubuntu Update for linux USN-1919-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1919_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841528\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:48:22 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1919-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 13.04\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1919-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1919-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.8.0-27-generic\", ver:\"3.8.0-27.40\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-05T11:11:17", "bulletinFamily": "scanner", "description": "Check for the Version of linux-lts-quantal", "modified": "2018-02-03T00:00:00", "published": "2013-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841521", "id": "OPENVAS:841521", "title": "Ubuntu Update for linux-lts-quantal USN-1915-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1915_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for linux-lts-quantal USN-1915-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841521);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:47:36 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1915-1\");\n\n tag_insight = \"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\";\n\n tag_affected = \"linux-lts-quantal on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1915-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1915-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-quantal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-generic\", ver:\"3.5.0-37.58~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-08-08T00:00:00", "id": "OPENVAS:1361412562310841527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841527", "title": "Ubuntu Update for linux-ti-omap4 USN-1920-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1920_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1920-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841527\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:48:20 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1920-1\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 13.04\");\n script_tag(name:\"insight\", value:\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1920-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1920-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-229-omap4\", ver:\"3.5.0-229.42\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:09:36", "bulletinFamily": "scanner", "description": "Check for the Version of linux-ti-omap4", "modified": "2018-01-18T00:00:00", "published": "2013-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841527", "id": "OPENVAS:841527", "title": "Ubuntu Update for linux-ti-omap4 USN-1920-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1920_1.nasl 8456 2018-01-18 06:58:40Z teissa $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1920-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841527);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:48:20 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1920-1\");\n\n tag_insight = \"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 13.04\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1920-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1920-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-229-omap4\", ver:\"3.5.0-229.42\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:08:39", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2018-01-18T00:00:00", "published": "2013-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841514", "id": "OPENVAS:841514", "title": "Ubuntu Update for linux USN-1917-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1917_1.nasl 8456 2018-01-18 06:58:40Z teissa $\n#\n# Ubuntu Update for linux USN-1917-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841514);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:43:29 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1917-1\");\n\n tag_insight = \"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\";\n\n tag_affected = \"linux on Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1917-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1917-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-generic\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-highbank\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-omap\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-powerpc-smp\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-37-powerpc64-smp\", ver:\"3.5.0-37.58\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:09:52", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2018-01-22T00:00:00", "published": "2013-08-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841528", "id": "OPENVAS:841528", "title": "Ubuntu Update for linux USN-1919-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1919_1.nasl 8483 2018-01-22 06:58:04Z teissa $\n#\n# Ubuntu Update for linux USN-1919-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841528);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:48:22 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-2852\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-1919-1\");\n\n tag_insight = \"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this flaw\nto gain administrative privileges.\";\n\n tag_affected = \"linux on Ubuntu 13.04\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1919-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1919-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.8.0-27-generic\", ver:\"3.8.0-27.40\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:49", "bulletinFamily": "scanner", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1915-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69124", "published": "2013-07-30T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1915-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1915-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69124);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1915-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1915-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1915-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-37-generic\", pkgver:\"3.5.0-37.58~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:49", "bulletinFamily": "scanner", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1916-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69125", "published": "2013-07-30T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerability (USN-1916-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1916-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69125);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1916-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerability (USN-1916-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1916-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-27-generic\", pkgver:\"3.8.0-27.40~precise3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:49", "bulletinFamily": "scanner", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1919-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69127", "published": "2013-07-30T00:00:00", "title": "Ubuntu 13.04 : linux vulnerability (USN-1919-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1919-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69127);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_bugtraq_id(60410);\n script_xref(name:\"USN\", value:\"1919-1\");\n\n script_name(english:\"Ubuntu 13.04 : linux vulnerability (USN-1919-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1919-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"linux-image-3.8.0-27-generic\", pkgver:\"3.8.0-27.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:49", "bulletinFamily": "scanner", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1917-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69126", "published": "2013-07-30T00:00:00", "title": "Ubuntu 12.10 : linux vulnerability (USN-1917-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1917-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69126);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2852\");\n script_xref(name:\"USN\", value:\"1917-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerability (USN-1917-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1917-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-37-generic\", pkgver:\"3.5.0-37.58\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-37-highbank\", pkgver:\"3.5.0-37.58\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:09", "bulletinFamily": "scanner", "description": "Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)\n\nAn information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1900-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67191", "published": "2013-07-05T00:00:00", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1900-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1900-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67191);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2012-4508\", \"CVE-2013-2141\", \"CVE-2013-2852\");\n script_bugtraq_id(56238, 60254, 60410);\n script_xref(name:\"USN\", value:\"1900-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1900-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dmitry Monakhov reported a race condition flaw the Linux ext4\nfilesystem that can expose stale data. An unprivileged user could\nexploit this flaw to cause an information leak. (CVE-2012-4508)\n\nAn information leak was discovered in the Linux kernel's tkill and\ntgkill system calls when used from compat processes. A local user\ncould exploit this flaw to examine potentially sensitive kernel\nmemory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges. (CVE-2013-2852).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1900-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-354-ec2\", pkgver:\"2.6.32-354.67\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:42", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. (CVE-2013-2224, Important)\n\n* An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.\n(CVE-2013-4299, Moderate)\n\n* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the 'fwpostfix' b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299, and Kees Cook for reporting CVE-2013-2852.\n\nThis update also fixes the following bugs :\n\n* An insufficiently designed calculation in the CPU accelerator could cause an arithmetic overflow in the set_cyc2ns_scale() function if the system uptime exceeded 208 days prior to using kexec to boot into a new kernel. This overflow led to a kernel panic on the systems using the Time Stamp Counter (TSC) clock source, primarily the systems using Intel Xeon E5 processors that do not reset TSC on soft power cycles. A patch has been applied to modify the calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances. (BZ#1004185)\n\n* A race condition in the abort task and SPP device task management path of the isci driver could, under certain circumstances, cause the driver to fail cleaning up timed-out I/O requests that were pending on an SAS disk device. As a consequence, the kernel removed such a device from the system. A patch applied to the isci driver fixes this problem by sending the task management function request to the SAS drive anytime the abort function is entered and the task has not completed.\nThe driver now cleans up timed-out I/O requests as expected in this situation. (BZ#1007467)\n\n* A kernel panic could occur during path failover on systems using multiple iSCSI, FC or SRP paths to connect an iSCSI initiator and an iSCSI target. This happened because a race condition in the SCSI driver allowed removing a SCSI device from the system before processing its run queue, which led to a NULL pointer dereference. The SCSI driver has been modified and the race is now avoided by holding a reference to a SCSI device run queue while it is active. (BZ#1008507)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2013-1450.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78974", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : kernel (RHSA-2013:1450)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1450. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78974);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-2224\", \"CVE-2013-2852\", \"CVE-2013-4299\");\n script_bugtraq_id(63183);\n script_xref(name:\"RHSA\", value:\"2013:1450\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2013:1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.3 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the fix for CVE-2012-3552 released via\nRHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's\nTCP/IP protocol suite implementation. A local, unprivileged user could\nuse this flaw to corrupt kernel memory via crafted sendmsg() calls,\nallowing them to cause a denial of service or, potentially, escalate\ntheir privileges on the system. (CVE-2013-2224, Important)\n\n* An information leak flaw was found in the way Linux kernel's device\nmapper subsystem, under certain conditions, interpreted data written\nto snapshot block devices. An attacker could use this flaw to read\ndata from disk blocks in free space, which are normally inaccessible.\n(CVE-2013-4299, Moderate)\n\n* A format string flaw was found in the b43_do_request_fw() function\nin the Linux kernel's b43 driver implementation. A local user who is\nable to specify the 'fwpostfix' b43 module parameter could use this\nflaw to cause a denial of service or, potentially, escalate their\nprivileges. (CVE-2013-2852, Low)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299, and\nKees Cook for reporting CVE-2013-2852.\n\nThis update also fixes the following bugs :\n\n* An insufficiently designed calculation in the CPU accelerator could\ncause an arithmetic overflow in the set_cyc2ns_scale() function if the\nsystem uptime exceeded 208 days prior to using kexec to boot into a\nnew kernel. This overflow led to a kernel panic on the systems using\nthe Time Stamp Counter (TSC) clock source, primarily the systems using\nIntel Xeon E5 processors that do not reset TSC on soft power cycles. A\npatch has been applied to modify the calculation so that this\narithmetic overflow and kernel panic can no longer occur under these\ncircumstances. (BZ#1004185)\n\n* A race condition in the abort task and SPP device task management\npath of the isci driver could, under certain circumstances, cause the\ndriver to fail cleaning up timed-out I/O requests that were pending on\nan SAS disk device. As a consequence, the kernel removed such a device\nfrom the system. A patch applied to the isci driver fixes this problem\nby sending the task management function request to the SAS drive\nanytime the abort function is entered and the task has not completed.\nThe driver now cleans up timed-out I/O requests as expected in this\nsituation. (BZ#1007467)\n\n* A kernel panic could occur during path failover on systems using\nmultiple iSCSI, FC or SRP paths to connect an iSCSI initiator and an\niSCSI target. This happened because a race condition in the SCSI\ndriver allowed removing a SCSI device from the system before\nprocessing its run queue, which led to a NULL pointer dereference. The\nSCSI driver has been modified and the race is now avoided by holding a\nreference to a SCSI device run queue while it is active. (BZ#1008507)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4299\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1450\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", reference:\"kernel-doc-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", reference:\"kernel-firmware-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"python-perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-279.37.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:09", "bulletinFamily": "scanner", "description": "Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)\n\nAn information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1899-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67190", "published": "2013-07-05T00:00:00", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1899-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1899-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67190);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2012-4508\", \"CVE-2013-2141\", \"CVE-2013-2852\");\n script_bugtraq_id(56238, 60254, 60410);\n script_xref(name:\"USN\", value:\"1899-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1899-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dmitry Monakhov reported a race condition flaw the Linux ext4\nfilesystem that can expose stale data. An unprivileged user could\nexploit this flaw to cause an information leak. (CVE-2012-4508)\n\nAn information leak was discovered in the Linux kernel's tkill and\ntgkill system calls when used from compat processes. A local user\ncould exploit this flaw to examine potentially sensitive kernel\nmemory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43\nwireless driver for the Linux kernel. A local user could exploit this\nflaw to gain administrative privileges. (CVE-2013-2852).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1899-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-386\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-generic\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-generic-pae\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-lpia\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-preempt\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-server\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-versatile\", pkgver:\"2.6.32-49.111\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-49-virtual\", pkgver:\"2.6.32-49.111\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:10", "bulletinFamily": "scanner", "description": "Update to latest upstream stable release, Linux v3.9.5.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2013-10689.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67284", "published": "2013-07-12T00:00:00", "title": "Fedora 19 : kernel-3.9.5-301.fc19 (2013-10689)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-10689.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67284);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2140\", \"CVE-2013-2147\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2851\", \"CVE-2013-2852\");\n script_bugtraq_id(60280, 60341, 60375, 60409, 60410, 60414);\n script_xref(name:\"FEDORA\", value:\"2013-10689\");\n\n script_name(english:\"Fedora 19 : kernel-3.9.5-301.fc19 (2013-10689)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream stable release, Linux v3.9.5.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=969515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=969518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=971146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=971242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=971258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=973100\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1a479db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.9.5-301.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:53", "bulletinFamily": "scanner", "description": "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059)\n\nAn information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2148)\n\nJonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nKees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered that the Linux kernel's IPv6 stack does not correctly handle Router Advertisement (RA) message in some cases. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4125)\n\nA vulnerability was discovered in the Linux kernel's vhost net driver.\nA local user could cause a denial of service (system crash) by powering on a virtual machine. (CVE-2013-4127)\n\nMarcus Moeller and Ken Fallon discovered that the CIFS incorrectly built certain paths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2013-4247).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1936-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69419", "published": "2013-08-21T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1936-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1936-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69419);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-1059\", \"CVE-2013-2148\", \"CVE-2013-2164\", \"CVE-2013-2851\", \"CVE-2013-2852\", \"CVE-2013-4125\", \"CVE-2013-4127\", \"CVE-2013-4247\");\n script_bugtraq_id(61800);\n script_xref(name:\"USN\", value:\"1936-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1936-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph\nclient. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-1059)\n\nAn information leak was discovered in the Linux kernel's fanotify\ninterface. A local user could exploit this flaw to obtain sensitive\ninformation from kernel memory. (CVE-2013-2148)\n\nJonathan Salwan discovered an information leak in the Linux kernel's\ncdrom driver. A local user can exploit this leak to obtain sensitive\ninformation from kernel memory if the CD-ROM drive is malfunctioning.\n(CVE-2013-2164)\n\nKees Cook discovered a format string vulnerability in the Linux\nkernel's disk block layer. A local user with administrator privileges\ncould exploit this flaw to gain kernel privileges. (CVE-2013-2851)\n\nHannes Frederic Sowa discovered that the Linux kernel's IPv6 stack\ndoes not correctly handle Router Advertisement (RA) message in some\ncases. A remote attacker could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-4125)\n\nA vulnerability was discovered in the Linux kernel's vhost net driver.\nA local user could cause a denial of service (system crash) by\npowering on a virtual machine. (CVE-2013-4127)\n\nMarcus Moeller and Ken Fallon discovered that the CIFS incorrectly\nbuilt certain paths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2013-4247).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1936-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-29-generic\", pkgver:\"3.8.0-29.42~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:47", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek [2.6.32-400.29.2.el5uek]\n- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225}\n- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224}\n- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222}\n- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634}\n- udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548}\n- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852}\n- signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914}", "modified": "2019-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2013-2537.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68977", "published": "2013-07-19T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2537)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2013-2537.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68977);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2012-6548\", \"CVE-2013-0914\", \"CVE-2013-2634\", \"CVE-2013-2852\", \"CVE-2013-3222\", \"CVE-2013-3224\", \"CVE-2013-3225\");\n script_bugtraq_id(58426, 58597, 58994, 59377, 59383, 59385, 60410);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2537)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.29.2.el5uek]\n- Bluetooth: RFCOMM - Fix missing msg_namelen update in \nrfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225}\n- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias \nKrause) [Orabug: 17173824] {CVE-2013-3224}\n- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: \n17173824] {CVE-2013-3222}\n- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: \n17173824] {CVE-2013-2634}\n- udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] \n{CVE-2012-6548}\n- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: \n17173824] {CVE-2013-2852}\n- signal: always clear sa_restorer on execve (Kees Cook) [Orabug: \n17173824] {CVE-2013-0914}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-July/003586.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-July/003587.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.2.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.2.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.29.2.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.2.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.2.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.29.2.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-headers-2.6.32-400.29.2.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.29.2.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.29.2.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.29.2.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.29.2.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-headers-2.6.32-400.29.2.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.29.2.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.29.2.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.29.2.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.29.2.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:42:01", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2013-2852\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux b43\u65e0\u7ebf\u9a71\u52a8\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\r\nb43\u65e0\u7ebf\u9a71\u52a8drivers/net/wireless/b43/main.c b43_request_firmware\u51fd\u6570\u53ef\u4f7f\u7528&quot;fwpostfix&quot;\u6a21\u5757\u53c2\u6570\u6765\u66f4\u6539\u6587\u4ef6\u540d\u7528\u4e8e\u83b7\u53d6\u56fa\u4ef6\uff0c\u5982\u679c\u6b64\u6587\u4ef6\u6ca1\u6709\u627e\u5230\u7684\u60c5\u51b5\u4e0b\uff0c\u9519\u8bef\u6d88\u606f\u4f1a\u628a\u6587\u4ef6\u540d\u4ee5\u683c\u5f0f\u4e32\u5904\u7406\uff0c\u8fd9\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u4ee5\u4eceuid-0\u63d0\u6743\u5230ring-0\u3002\n0\nLinux Kernel 3.9.4\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd", "modified": "2013-06-11T00:00:00", "published": "2013-06-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60839", "id": "SSV:60839", "title": "Linux Kernel 'b43'\u65e0\u7ebf\u9a71\u52a8\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n # rmmod b43\r\n# modprobe b43 fwpostfix=AA%xBB\r\n...\r\n# dmesg\r\n...\r\nb43-0 ERROR: Firmware file &quot;b43AAdeff80ccBB/a0g1bsinitvals5.fw&quot; not found\r\n\r\nUsing %n instead of %x would lead to exciting crashes. :)\n ", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-60839"}], "ubuntu": [{"lastseen": "2019-05-29T17:22:45", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1917-1", "href": "https://usn.ubuntu.com/1917-1/", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:01", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1915-1", "href": "https://usn.ubuntu.com/1915-1/", "title": "Linux kernel (Quantal HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:20", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1918-1", "href": "https://usn.ubuntu.com/1918-1/", "title": "Linux kernel (OMAP4) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:56", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.", "modified": "2013-07-30T00:00:00", "published": "2013-07-30T00:00:00", "id": "USN-1920-1", "href": "https://usn.ubuntu.com/1920-1/", "title": "Linux kernel (OMAP4) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:40", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1914-1", "href": "https://usn.ubuntu.com/1914-1/", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-22T02:40:48", "bulletinFamily": "unix", "description": "An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length.", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1916-1", "href": "https://usn.ubuntu.com/1916-1/", "title": "Linux kernel (Raring HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:12", "bulletinFamily": "unix", "description": "An information leak was discovered in the Linux kernel\u2019s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2148)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852)", "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "id": "USN-1930-1", "href": "https://usn.ubuntu.com/1930-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:48", "bulletinFamily": "unix", "description": "Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852)\n\nMarcus Moeller and Ken Fallon discovered that the CIFS incorrectly built certain paths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2013-4247)", "modified": "2013-07-29T00:00:00", "published": "2013-07-29T00:00:00", "id": "USN-1919-1", "href": "https://usn.ubuntu.com/1919-1/", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:23:00", "bulletinFamily": "unix", "description": "Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)\n\nDave Jones discovered that the Linux kernel\u2019s socket subsystem does not correctly ensure the keepalive action is associated with a stream socket. A local user could exploit this flaw to cause a denial of service (system crash) by creating a raw socket. (CVE-2012-6657)\n\nAn information leak was discovered in the Linux kernel\u2019s tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852)", "modified": "2013-07-04T00:00:00", "published": "2013-07-04T00:00:00", "id": "USN-1899-1", "href": "https://usn.ubuntu.com/1899-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:26", "bulletinFamily": "unix", "description": "Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)\n\nDave Jones discovered that the Linux kernel\u2019s socket subsystem does not correctly ensure the keepalive action is associated with a stream socket. A local user could exploit this flaw to cause a denial of service (system crash) by creating a raw socket. (CVE-2012-6657)\n\nAn information leak was discovered in the Linux kernel\u2019s tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141)\n\nKees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852)", "modified": "2013-07-04T00:00:00", "published": "2013-07-04T00:00:00", "id": "USN-1900-1", "href": "https://usn.ubuntu.com/1900-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T08:21:29", "bulletinFamily": "exploit", "description": "Linux Kernel 3.3.5 'b43' Wireless Driver Local Privilege Escalation Vulnerability. CVE-2013-2852. Local exploit for linux platform", "modified": "2013-06-07T00:00:00", "published": "2013-06-07T00:00:00", "id": "EDB-ID:38559", "href": "https://www.exploit-db.com/exploits/38559/", "type": "exploitdb", "title": "Linux Kernel <= 3.3.5 'b43' Wireless Driver Local Privilege Escalation Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/60410/info\r\n\r\nLinux kernel is prone to a local privilege-escalation vulnerability.\r\n\r\nLocal attackers can exploit the issue to execute arbitrary code with kernel privileges or to crash the kernel, effectively denying service to legitimate users. \r\n\r\n# rmmod b43\r\n# modprobe b43 fwpostfix=AA%xBB\r\n# dmesg ", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/38559/"}], "redhat": [{"lastseen": "2019-08-13T18:45:16", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540\nintroduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite\nimplementation. A local, unprivileged user could use this flaw to corrupt\nkernel memory via crafted sendmsg() calls, allowing them to cause a denial\nof service or, potentially, escalate their privileges on the\nsystem. (CVE-2013-2224, Important)\n\n* An information leak flaw was found in the way Linux kernel's device\nmapper subsystem, under certain conditions, interpreted data written to\nsnapshot block devices. An attacker could use this flaw to read data from\ndisk blocks in free space, which are normally inaccessible. (CVE-2013-4299,\nModerate)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299, and Kees\nCook for reporting CVE-2013-2852.\n\nThis update also fixes the following bugs:\n\n* An insufficiently designed calculation in the CPU accelerator could cause\nan arithmetic overflow in the set_cyc2ns_scale() function if the system\nuptime exceeded 208 days prior to using kexec to boot into a new\nkernel. This overflow led to a kernel panic on the systems using the Time\nStamp Counter (TSC) clock source, primarily the systems using Intel Xeon E5\nprocessors that do not reset TSC on soft power cycles. A patch has been\napplied to modify the calculation so that this arithmetic overflow and\nkernel panic can no longer occur under these circumstances. (BZ#1004185)\n\n* A race condition in the abort task and SPP device task management path of\nthe isci driver could, under certain circumstances, cause the driver to\nfail cleaning up timed-out I/O requests that were pending on an SAS disk\ndevice. As a consequence, the kernel removed such a device from the\nsystem. A patch applied to the isci driver fixes this problem by sending\nthe task management function request to the SAS drive anytime the abort\nfunction is entered and the task has not completed. The driver now cleans\nup timed-out I/O requests as expected in this situation. (BZ#1007467)\n\n* A kernel panic could occur during path failover on systems using multiple\niSCSI, FC or SRP paths to connect an iSCSI initiator and an iSCSI\ntarget. This happened because a race condition in the SCSI driver allowed\nremoving a SCSI device from the system before processing its run queue,\nwhich led to a NULL pointer dereference. The SCSI driver has been modified\nand the race is now avoided by holding a reference to a SCSI device run\nqueue while it is active. (BZ#1008507)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2015-04-24T14:17:36", "published": "2013-10-22T04:00:00", "id": "RHSA-2013:1450", "href": "https://access.redhat.com/errata/RHSA-2013:1450", "type": "redhat", "title": "(RHSA-2013:1450) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "description": "Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4\nkernel. These custom kernel packages include support for network\nnamespaces, this support is required to facilitate advanced OpenStack\nNetworking deployments.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the tcp_read_sock() function in the Linux kernel's\nIPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)\nwere handled. A local, unprivileged user could trigger this issue via a\ncall to splice(), leading to a denial of service. (CVE-2013-2128,\nModerate)\n\n* Information leak flaws in the Linux kernel could allow a local,\nunprivileged user to leak kernel memory to user-space. (CVE-2012-6548,\nCVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nLow)\n\n* An information leak was found in the Linux kernel's POSIX signals\nimplementation. A local, unprivileged user could use this flaw to bypass\nthe Address Space Layout Randomization (ASLR) security feature.\n(CVE-2013-0914, Low)\n\n* A format string flaw was found in the ext3_msg() function in the Linux\nkernel's ext3 file system implementation. A local user who is able to mount\nan ext3 file system could use this flaw to cause a denial of service or,\npotentially, escalate their privileges. (CVE-2013-1848, Low)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel's ftrace\nand function tracer implementations. A local user who has the CAP_SYS_ADMIN\ncapability could use this flaw to cause a denial of service.\n(CVE-2013-3301, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2013-2852.\n\nMore information on the Red Hat Enterprise Linux 6.4 kernel packages upon\nwhich these custom kernel packages are based is available in\nRHSA-2013:1051:\n\nhttps://rhn.redhat.com/errata/RHSA-2013-1051.html\n\nAll Red Hat OpenStack 3.0 users deploying the OpenStack Networking service\nare advised to install these updated packages.\n", "modified": "2018-06-13T01:27:36", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1080", "href": "https://access.redhat.com/errata/RHSA-2013:1080", "type": "redhat", "title": "(RHSA-2013:1080) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the tcp_read_sock() function in the Linux kernel's\nIPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)\nwere handled. A local, unprivileged user could trigger this issue via a\ncall to splice(), leading to a denial of service. (CVE-2013-2128,\nModerate)\n\n* Information leak flaws in the Linux kernel could allow a local,\nunprivileged user to leak kernel memory to user-space. (CVE-2012-6548,\nCVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nLow)\n\n* An information leak was found in the Linux kernel's POSIX signals\nimplementation. A local, unprivileged user could use this flaw to bypass\nthe Address Space Layout Randomization (ASLR) security feature.\n(CVE-2013-0914, Low)\n\n* A format string flaw was found in the ext3_msg() function in the Linux\nkernel's ext3 file system implementation. A local user who is able to mount\nan ext3 file system could use this flaw to cause a denial of service or,\npotentially, escalate their privileges. (CVE-2013-1848, Low)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel's ftrace\nand function tracer implementations. A local user who has the CAP_SYS_ADMIN\ncapability could use this flaw to cause a denial of service.\n(CVE-2013-3301, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2013-2852.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1051", "href": "https://access.redhat.com/errata/RHSA-2013:1051", "type": "redhat", "title": "(RHSA-2013:1051) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-2174 (curl issue)\n\nCVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634,\nCVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nand CVE-2013-3301 (kernel issues)\n\nCVE-2002-2443 (krb5 issue)\n\nCVE-2013-1950 (libtirpc issue)\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state. \n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: RHBA-2013:1077\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1076", "href": "https://access.redhat.com/errata/RHSA-2013:1076", "type": "redhat", "title": "(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI\ntarget subsystem. A remote attacker could use a specially-crafted iSCSI\nrequest to cause a denial of service on a system or, potentially, escalate\ntheir privileges on that system. (CVE-2013-2850, Important)\n\n* A flaw was found in the Linux kernel's Performance Events implementation.\nOn systems with certain Intel processors, a local, unprivileged user could\nuse this flaw to cause a denial of service by leveraging the perf subsystem\nto write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1\nmodel-specific registers. (CVE-2013-2146, Moderate)\n\n* An invalid pointer dereference flaw was found in the Linux kernel's\nTCP/IP protocol suite implementation. A local, unprivileged user could use\nthis flaw to crash the system or, potentially, escalate their privileges on\nthe system by using sendmsg() with an IPv6 socket connected to an IPv4\ndestination. (CVE-2013-2232, Moderate)\n\n* Two flaws were found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled IPv6 sockets that used the UDP_CORK option. A local,\nunprivileged user could use these flaws to cause a denial of service.\n(CVE-2013-4162, CVE-2013-4163, Moderate)\n\n* A flaw was found in the Linux kernel's Chipidea USB driver. A local,\nunprivileged user could use this flaw to cause a denial of service.\n(CVE-2013-2058, Low)\n\n* Information leak flaws in the Linux kernel could allow a privileged,\nlocal user to leak kernel memory to user-space. (CVE-2013-2147,\nCVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)\n\n* Information leak flaws in the Linux kernel could allow a local,\nunprivileged user to leak kernel memory to user-space. (CVE-2013-2141,\nCVE-2013-2148, Low)\n\n* A format string flaw was found in the Linux kernel's block layer. A\nprivileged, local user could potentially use this flaw to escalate their\nprivileges to kernel level (ring0). (CVE-2013-2851, Low)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel's ftrace\nand function tracer implementations. A local user who has the CAP_SYS_ADMIN\ncapability could use this flaw to cause a denial of service.\n(CVE-2013-3301, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2013-2850,\nCVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting\nCVE-2013-4162 and CVE-2013-4163.\n\nThis update also fixes the following bugs:\n\n* The following drivers have been updated, fixing a number of bugs:\nmyri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169,\nbe2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe,\nbfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)\n\n* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel\nconfiguration option enabled. As such, attempting to run the dropwatch\ncommand resulted in the following error:\n\nUnable to find NET_DM family, dropwatch can't work\nCleaning up on socket creation error\n\nWith this update, the realtime kernel is built with the\nCONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected.\n(BZ#979417)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The\nsystem must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:34", "published": "2013-09-16T04:00:00", "id": "RHSA-2013:1264", "href": "https://access.redhat.com/errata/RHSA-2013:1264", "type": "redhat", "title": "(RHSA-2013:1264) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "description": "kernel-uek\n[2.6.32-400.29.2uek]\n- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225}\n- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224}\n- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222}\n- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634}\n- udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548}\n- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852}\n- signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914}", "modified": "2013-07-18T00:00:00", "published": "2013-07-18T00:00:00", "id": "ELSA-2013-2537", "href": "http://linux.oracle.com/errata/ELSA-2013-2537.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:27", "bulletinFamily": "unix", "description": "[2.6.39-400.109.3]\n- Revert 'be2net: enable interrupts in probe' (Jerry Snitselaar) [Orabug: 17179597]\n[2.6.39-400.109.2]\n- be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] \n- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3225}\n- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3224}\n- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3222}\n- rtnl: fix info leak on RTM_GETLINK request for VF devices (Mathias Krause) [Orabug: 17173830] {CVE-2013-2635}\n- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173830] {CVE-2013-2634}\n- udf: avoid info leak on export (Mathias Krause) [Orabug: 17173830] {CVE-2012-6548}\n- tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 17173830] {CVE-2013-3301}\n- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173830] {CVE-2013-2852}\n- signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173830] {CVE-2013-0914}", "modified": "2013-07-18T00:00:00", "published": "2013-07-18T00:00:00", "id": "ELSA-2013-2538", "href": "http://linux.oracle.com/errata/ELSA-2013-2538.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "unix", "description": "[2.6.32-358.14.1]\n- [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342]\n[2.6.32-358.13.1]\n- [wireless] b43: stop format string leaking into error msgs (John Linville) [971387 971389] {CVE-2013-2852}\n- [pci] make sriov work with hotplug remove (Takahiro MUNEDA) [973555 965002]\n- [net] rtnl: fix info leak on RTM_GETLINK request for VF devices (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635}\n- [net] dcbnl: fix various netlink info leaks (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635}\n- [net] bonding: fix enslaving in alb mode when link down (Veaceslav Falico) [969306 965132]\n- [net] tcp: Fix oops from tcp_collapse() when using splice() (Nikola Pajkovsky) [968871 863512] {CVE-2013-2128}\n- [usb] uhci: fix IRQ race during initialization (Dave Young) [968557 915834]\n- [netdrv] e1000e: enable VLAN RX/TX in PROMISC mode (Stefan Assmann) [963564 886420]\n- [netdrv] bnx2x: strip VLAN header in PROMISC mode (Stefan Assmann) [963564 886420]\n- [net] vlan: handle packets with empty vlan_group via VLAN code (Stefan Assmann) [963564 886420]\n- [fs] namei.c: Dont allow to create hardlink for deleted file (Brian Foster) [956296 908158]\n- [fs] gfs2: Reinstate withdraw ack system (Robert S Peterson) [927308 908093]\n- [fs] nfs: open a file descriptor for fsync in nfs4 recovery (J. Bruce Fields) [964046 915479]\n- [net] macvlan: remove bogus check in macvlan_handle_frame() (Jiri Pirko) [962370 952785]\n- [net] macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [962370 952785]\n- [kernel] rcu: Replace list_first_entry_rcu() with list_first_or_null_rcu() (Jiri Pirko) [962370 952785]\n- [net] bluetooth/rfcomm: Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Weiping Pan) [955653 955654] {CVE-2013-3225}\n- [net] bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955603 955604] {CVE-2013-3224}\n- [fs] gfs2: Issue discards in 512b sectors (Robert S Peterson) [927317 922779]\n- [fs] udf: avoid info leak on export (Nikola Pajkovsky) [922354 922355] {CVE-2012-6548}\n- [scsi] lpfc: Fixed deadlock between hbalock and nlp_lock use (Rob Evers) [962368 960717]\n- [kernel] tracing: Fix possible NULL pointer dereferences (Weiping Pan) [952212 952213] {CVE-2013-3301}\n- [kernel] tracing: Fix panic when lseek() called on 'trace' opened for writing (Weiping Pan) [952212 952213] {CVE-2013-3301}\n- [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955224 955225] {CVE-2013-3222}\n- [x86] apic: Work around boot failure on HP ProLiant DL980 G7 Server systems (Prarit Bhargava) [969326 912963]\n- [x86] apic: Use probe routines to simplify apic selection (Prarit Bhargava) [969326 912963]\n- [x86] x2apic: Simplify apic init in SMP and UP builds (Prarit Bhargava) [969326 912963]\n- [kvm] vmx: provide the vmclear function and a bitmap to support VMCLEAR in kdump (Andrew Jones) [962372 908608]\n- [x86] kexec: VMCLEAR VMCSs loaded on all cpus if necessary (Andrew Jones) [962372 908608]\n- [fs] ext3: Fix format string issues (Nikola Pajkovsky) [920784 920785] {CVE-2013-1848}\n- [kernel] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920505 920506] {CVE-2013-0914}\n[2.6.32-358.12.1]\n- [fs] Panic in gfs2_inplace_reserve after fix from BZ#875753 (Robert S Peterson) [924847 922999]\n- [nfs] sunrpc: Prevent an rpc_task wakeup race (Dave Wysochanski) [956979 840860]\n- [nfs] sunrpc: clarify comments on rpc_make_runnable (Dave Wysochanski) [956979 840860]\n- [x86] acpi: Avoid SRAT table checks for Fujitsu Primequest systems (Prarit Bhargava) [973198 966853]\n- [x86] oprofile: Fix crash when unloading module in nmi timer mode (Don Zickus) [972586 828936]\n- [block] propagate proper return codes from blk_get_request callers (Jeff Moyer) [958684 927918]\n- [block] Check the return value from blk_get_request (Jeff Moyer) [958684 927918]\n- [virt] kvm/mmu: fix hashing for TDP and non-paging modes (Marcelo Tosatti) [966432 908751]\n- [virt] kvm/mmu: Fix free memory accounting race in mmu_alloc_roots() (Marcelo Tosatti) [966432 908751]\n- [virt] kvm/mmu: Don't flush shadow when enabling dirty tracking (Marcelo Tosatti) [966432 908751]", "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "ELSA-2013-1051", "href": "http://linux.oracle.com/errata/ELSA-2013-1051.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "unix", "description": "[2.6.39-400.209.1]\r\n- Revert 'stop mig handler when lockres in progress ,and return -EAGAIN' (Srinivas Eeda) [Orabug: 16924802] \r\n- ocfs2/dlm: Fix list traversal in dlm_process_recovery_data (Srinivas Eeda) [Orabug: 17432400] \r\n- ocfs2/dlm: ocfs2 dlm umount skip migrating lockres (Srinivas Eeda) [Orabug: 16859627]\r\n \n[2.6.39-400.208.1]\r\n- Btrfs: make the chunk allocator completely tree lockless (Josef Bacik) [Orabug: 17334251] \r\n- mpt2sas: protect mpt2sas_ioc_list access with lock (Jerry Snitselaar) [Orabug: 17383579] \r\n- mptsas: update to 4.28.20.02 (Jerry Snitselaar) [Orabug: 17294806] \r\n- RDS: protocol negotiation fails during reconnect (Bang Nguyen) [Orabug: 17375389] \r\n- config:remove LM80 modules to void blindly loading cause crash (ethan.zhao) [Orabug: 16976462]\r\n \n[2.6.39-400.207.0]\r\n- Update lpfc version for 8.3.7.26.3p driver release (Gairy Grannum) [Orabug: 17340816] \r\n- lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 17340816] \r\n- Update lpfc version for 8.3.7.26.1p driver release (Gairy Grannum) [Orabug: 17376967] \r\n- lpfc: whitespace fix (Vaios Papadimitriou) [Orabug: 17376967] \r\n- Update copyrights for 8.3.41 modifications (James Smart) [Orabug: 17376967] \r\n- Add first burst support to driver (James Smart) [Orabug: 17376967] \r\n- Fixed the format of some log message fields (James Smart) [Orabug: 17376967] \r\n- Add first burst support to driver (James Smart) [Orabug: 17376967] \r\n- Fixed not able to perform PCI function reset when board was not in online mode (James Smart) [Orabug: 17376967] \r\n- Fixed failure in setting SLI3 board mode (James Smart) [Orabug: 17376967] \r\n- Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (James Smart) [Orabug: 17376967] \r\n- Fixed support for 128 byte WQEs (James Smart) [Orabug: 17376967] \r\n- Ensure driver properly zeros unused fields in SLI4 mailbox commands (James Smart) [Orabug: 17376967] \r\n- Fixed max value of lpfc_lun_queue_depth (James Smart) [Orabug: 17376967] \r\n- Fixed Receive Queue varied frame size handling (James Smart) [Orabug: 17376967] \r\n- Fix mailbox byteswap issue on PPC (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Update Copyrights to 2013 for 8.3.38, 8.3.39, and 8.3.40 modifications (James Smart) [Orabug: 17376967] \r\n- Fixed freeing of iocb when internal loopback times out (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed a race condition between SLI host and port failed FCF rediscovery (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed issue mailbox wait routine failed to issue dump memory mbox command (James Smart) [Orabug: 17376967] \r\n- treewide: Fix typos in kernel messages (Masanari Iida) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed system panic due to unsafe walking and deleting linked list (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed FCoE connection list vlan identifier and add FCF list debug (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Clarified the behavior of the lpfc_max_luns module parameter (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fix to allow OCM to report FEC status (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed a missing return code in a logging message (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed some logging message fields (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed list corruption when lpfc_drain_tx runs (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fix inconsistent list removal causes crash (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed system panic during handling unsolicited receive buffer error condition (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fixed crash during FCoE failover testing. (James Smart) [Orabug: 17376967] \r\n- lpfc 8.3.40: Fix lpfc_used_cpu to be more dynamic (James Smart) [Orabug: 17376967] \r\n- sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17371930] {CVE-2013-2206}\r\n- Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371037] {CVE-2012-6544}\r\n- Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370887] {CVE-2012-6544}\r\n- Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371061] {CVE-2012-6544}\r\n- sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371114] {CVE-2013-2206}\r\n- af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370761] {CVE-2013-2237}\r\n- dm: allow error target to replace either bio-based and request-based targets (Joe Jin) [Orabug: 17357884] \r\n- Btrfs: handle a bogus chunk tree nicely (Josef Bacik) [Orabug: 17361069] \r\n- OFED: Move R2 field to bottom of mlx4_caps for backward compatibility (Yuval Shaia) [Orabug: 17303785] \r\n- RDS: double free rdma_cm_id (Bang Nguyen) [Orabug: 17192816] \r\n- xen: initialize xen panic handler for PVHVM (Vaughan Cao) [Orabug: 17200031] \r\n- sg: push file descriptor list locking down to per-device locking (Vaughan Cao) [Orabug: 16835013] \r\n- sg: checking sdp->detached isnt protected when open (Vaughan Cao) [Orabug: 16835013] \r\n- sg: no need sg_open_exclusive_lock (Vaughan Cao) [Orabug: 16835013] \r\n- sg: use rwsem to solve race during exclusive open (Vaughan Cao) [Orabug: 16835013] \r\n- sg: remove sg_mutex (Jorn Engel) [Orabug: 16835013] \r\n- sg: completely protect sfds (Jorn Engel) [Orabug: 16835013] \r\n- sg: protect sdp->exclude (Jorn Engel) [Orabug: 16835013] \r\n- sg: prevent unwoken sleep (Jorn Engel) [Orabug: 16835013] \r\n- sg: remove closed flag (Jorn Engel) [Orabug: 16835013] \r\n- sg: use wait_event_interruptible() (Jorn Engel) [Orabug: 16835013] \r\n- sg: remove while (1) non-loop (Jorn Engel) [Orabug: 16835013] \r\n- sg: remove unnecessary indentation (Jorn Engel) [Orabug: 16835013] \r\n- RDS: ActiveBonding IP exclusion filter (Bang Nguyen) [Orabug: 17075950] \r\n- RDS: Reconnect stalls for 15s (Bang Nguyen) [Orabug: 17277974] \r\n- sk_buff: fix kabi broken for add new for union (Joe Jin) [Orabug: 14500568] \r\n- tcp: fix skb_availroom() (Eric Dumazet) [Orabug: 14500568] \r\n- tcp: avoid order-1 allocations on wifi and tx path (Eric Dumazet) [Orabug: 14500568] \r\n- tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [Orabug: 14500568] \r\n- tcp: take care of misalignments (Eric Dumazet) [Orabug: 14500568] \r\n- RDS: Reconnect causes panic at completion phase (Bang Nguyen) [Orabug: 17213597] \r\n- RDS: added stats to track and display receive side memory usage (Venkat Venkatsubra) [Orabug: 17045536] \r\n- RDS: RDS reconnect stalls (Bang Nguyen) [Orabug: 1731355] \r\n- ext4: fix race between sync and completed io work (Jeff Moyer) [Orabug: 16908825] \r\n- ext4: optimize locking for end_io extent conversion (Theodore Tso) [Orabug: 16908825] \r\n- ext4: remove unnecessary call to waitqueue_active() (Theodore Tso) [Orabug: 16908825] \r\n- ext4: Use correct locking for ext4_end_io_nolock() (Tao Ma) [Orabug: 16908825] \r\n- xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) [Orabug: 16908825] \r\n- ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825] \r\n- Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843] \r\n- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157] \r\n- net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979}\r\n- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929}\r\n- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860}\r\n- ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848}\r\n- cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307] \r\n- Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689] \r\n- x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437] \r\n- spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114] \r\n- perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094}\r\n- spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586]\r\n \n[2.6.39-400.206.0]\r\n- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (Hannes Frederic Sowa) [Orabug: 17296421] {CVE-2013-4163}\r\n- fib_trie: potential out of bounds access in trie_show_stats() (Jerry Snitselaar) [Orabug: 16840280] \r\n- aacraid: update from 1.1-7 to 1.2-0 (Jerry Snitselaar) [Orabug: 17296044] \r\n- qlcnic: update from 5.2.29.45 to 5.2.43 (Jerry Snitselaar) [Orabug: 17267102] \r\n- net: init perm_addr in register_netdevice() (Jiri Pirko) [Orabug: 17280581] \r\n- config: disable THP for OL6 builds (Jerry Snitselaar) [Orabug: 17279055] \r\n- ACPI / memhotplug: Fix a stale pointer in error path (Toshi Kani) [Orabug: 17271787] \r\n- xhci: Avoid NULL pointer deref when host dies. (Sarah Sharp) [Orabug: 17271780] \r\n- xhci: fix null pointer dereference on ring_doorbell_for_active_rings (Oleksij Rempel) [Orabug: 17271777] \r\n- SCSI: sd: fix crash when UA received on DIF enabled device (Ewan D. Milne) [Orabug: 17271761] \r\n- hrtimers: Move SMP function call to thread context (Thomas Gleixner) [Orabug: 17237808] \r\n- lockd: protect nlm_blocked access in nlmsvc_retry_blocked (David Jeffery) [Orabug: 17237800] \r\n- SCSI: megaraid_sas: fix memory leak if SGL has zero length entries (Bj?rn Mork) [Orabug: 17237796] \r\n- vlan: fix a race in egress prio management (Eric Dumazet) [Orabug: 17237794] \r\n- ifb: fix oops when loading the ifb failed (dingtianhong) [Orabug: 17237783] \r\n- dummy: fix oops when loading the dummy failed (dingtianhong) [Orabug: 17237779] \r\n- ifb: fix rcu_sched self-detected stalls (dingtianhong) [Orabug: 17237770] \r\n- ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17237766] \r\n- ipv6,mcast: always hold idev->lock before mca_lock (Amerigo Wang) [Orabug: 17237756] \r\n- af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17237752] {CVE-2013-2234}\r\n- perf: Fix perf_lock_task_context() vs RCU (Peter Zijlstra) [Orabug: 17237744] \r\n- perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario (Jiri Olsa) [Orabug: 17237744] \r\n- perf: Clone child context from parent context pmu (Jiri Olsa) [Orabug: 17237744] \r\n- tracing: Use current_uid() for critical time tracing (Steven Rostedt (Red Hat)) [Orabug: 17237735] \r\n- ext4: fix overflow when counting used blocks on 32-bit architectures (Jan Kara) [Orabug: 17231269] \r\n- ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs (Jan Kara) [Orabug: 17231264] \r\n- xhci: check for failed dma pool allocation (Mathias Nyman) [Orabug: 17231247] \r\n- crypto: sanitize argument for format string (Kees Cook) \r\n- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17230700] {CVE-2013-2164}\r\n- pch_uart: fix a deadlock when pch_uart as console (Liang Li) [Orabug: 17061700] \r\n- UBIFS: fix a horrid bug (Artem Bityutskiy) [Orabug: 17061699] \r\n- UBIFS: prepare to fix a horrid bug (Artem Bityutskiy) [Orabug: 17061697] \r\n- dlci: validate the net device in dlci_del() (Zefan Li) [Orabug: 17061696] \r\n- dlci: acquire rtnl_lock before calling __dev_get_by_name() (Zefan Li) [Orabug: 17061695] \r\n- Bluetooth: Fix crash in l2cap_build_cmd() with small MTU (Anderson Lizardo) [Orabug: 17061694] \r\n- fnic driver update from 1.5.0.41 to 1.5.0.45 (Maxim Uvarov) [Orabug: 17187644] \r\n- mpt3sas: update from v02.100.00.00 to v3.00.00.00 (Sreekanth Reddy) [Orabug: 17249188] \r\n- mpt3sas: enable build of mpt3sas driver (Jerry Snitselaar) [Orabug: 17187698] \r\n- mpt3sas: Updated driver code to have a compatibility with UEK r2 u5 kernel (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: Bump driver version to v02.100.00.00 (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: when async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed\r\n (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: MPI2.5 Rev F v2.5.1.1 specification (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: Infinite loops can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: fix for kernel panic when driver loads with HBA conected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 1718\r\n7698] \r\n- mpt3sas: Updated the Hardware timing requirements (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: 2013 source code copyright (Sreekanth Reddy) [Orabug: 17187698] \r\n- mpt3sas: dont wank with fasync on ->release() (Al Viro) [Orabug: 17187698] \r\n- mpt3sas: remove unused variables (Wei Yongjun) [Orabug: 17187698] \r\n- mpt3sas: Remove unneeded version.h header inclusion (Sachin Kamat) [Orabug: 17187698] \r\n- mpt3sas: cut and paste bug storing trigger mpi (Dan Carpenter) [Orabug: 17187698] \r\n- mpt3sas: add new driver supporting 12GB SAS (Sreekanth Reddy) [Orabug: 17187698] \r\n- scsi_transport_sas: add 12GB definitions for mpt3sas (Sreekanth Reddy) [Orabug: 17187698] \r\n- miscdevice: Adding support for MPT3SAS_MINOR(222) (Sreekanth Reddy) [Orabug: 17187698]\r\n \n[2.6.39-400.205.0]\r\n- xen/time: remove blocked time accounting from xen 'clockchip' (Laszlo Ersek) [Orabug: 17073675] \r\n- unix: fix a race condition in unix_release() (Paul Moore) [Orabug: 17209195] \r\n- ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17215196] {CVE-2013-2232}\r\n- block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230067] {CVE-2013-2851}\r\n- libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230100] {CVE-2013-1059}\r\n- config: add xsigo config options (Ajaykumar Hotchandani) [Orabug: 17248170] \r\n- mpt2sas: update from 16.05.01.00 to 17.00.00.00 (Jerry Snitselaar) [Orabug: 17237402] \r\n- qla4xxx: Updated driver version to 5.03.00.03.06.02-uek2 (Tej Parkash) [Orabug: 17220575] \r\n- libiscsi: Add missing prints for session and connection sysfs attrs (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Export more firmware info in sysfs (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Only BIOS boot target entries should be at index 0 and 1. (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: discovery_parent_idx can be shown without any check. (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Set IPv6 traffic class if device type is IPv6. (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Use discovery_parent_idx instead of discovery_parent_type (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Allow removal of failed session using logout. (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] \r\n- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] \r\n- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] \r\n- libiscsi: Added new boot entries in the session sysfs (Eddie Wai) [Orabug: 17220575] \r\n- iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used (Mike Christie) [Orabug: 17220575] \r\n- qla4xxx: Fix iocb_cnt calculation in qla4xxx_send_mbox_iocb() (Vikas Chaudhary) [Orabug: 17220575] \r\n- scsi_transport_iscsi: fix error return code in iscsi_transport_init() (Wei Yongjun) [Orabug: 17220575] \r\n- qla4xxx: Assign values using correct datatype (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Fix smatch warnings (Adheer Chandravanshi) [Orabug: 17220575] \r\n- qla4xxx: Fix sparse warning for qla4xxx_sysfs_ddb_tgt_create (Vikas Chaudhary) [Orabug: 17220575] \r\n- RDS: (Bang Nguyen) [Orabug: 17206167] \r\n- neighbour: fix a race in neigh_destroy() (Eric Dumazet) [Orabug: 17230315] \r\n- be2net: Updating version number (Sarveshwar Bandi) [Orabug: 17219620] \r\n- be2net: Fix to avoid hardware workaround when not needed (Sarveshwar Bandi) [Orabug: 17219620] \r\n- net/trivial: replace numeric with standard PM state macros (Yijing Wang) [Orabug: 17219620] \r\n- be2net: Fix 32-bit DMA Mask handling (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Implement initiate FW dump feature for Lancer (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Fix crash on 2nd invocation of PCI AER/EEH error_detected hook (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Mark checksum fail for IP fragmented packets (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Trim padded packets for Lancer (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Pad skb to meet min Tx pkt size in lancer (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: cleanup be_get_drvinfo() (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: refactor HW workarounds in be_xmit() (Sathya Perla) [Orabug: 17219620] \r\n- be2net: bug fix on returning an invalid nic descriptor (Wei Yang) [Orabug: 17219620] \r\n- be2net: Avoid double insertion of vlan tags. (Sarveshwar Bandi) [Orabug: 17219620] \r\n- be2net: disable TX in be_close() (Sathya Perla) [Orabug: 17219620] \r\n- be2net: fix EQ from getting full while cleaning RX CQ (Sathya Perla) [Orabug: 17219620] \r\n- be2net: fix payload_len value for GET_MAC_LIST cmd req (Sathya Perla) [Orabug: 17219620] \r\n- be2net: provision VF resources before enabling SR-IOV (Sathya Perla) [Orabug: 17219620] \r\n- be2net: Fix to fail probe if MSI-X enable fails for a VF (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: avoid napi_disable() when it has not been enabled (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Fix firmware download for Lancer (Somnath Kotur) [Orabug: 17219620] \r\n- be2net: Fix to receive Multicast Packets when Promiscuous mode is enabled on certain devices (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: Fix to show tx priority pause counter in ethtool -S (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: Fix to use 32-bit stats to report rx_drops_no_fragment (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: FLR must be first cmd issued to Lancer FW (Kalesh AP) [Orabug: 17219620] \r\n- be2net: Use GET_FUNCTION_CONFIG V1 cmd (Kalesh AP) [Orabug: 17219620] \r\n- be2net: Fix to show wol disabled/enabled state correctly. (Sarveshwar Bandi) [Orabug: 17219620] \r\n- be2net: Fixed memory leak (Suresh Reddy) [Orabug: 17219620] \r\n- be2net: Avoid diagnostic test in certain versions of firmware to avoid NIC freeze. (Suresh Reddy) [Orabug: 17219620] \r\n- be2net: Renamed rx_address_mismatch_errors to rx_address_filtered (Suresh Reddy) [Orabug: 17219620] \r\n- be2net: Add support for setting and getting rx flow hash options (Suresh Reddy) [Orabug: 17219620] \r\n- be2net: Fix PVID tag offload for packets with inline VLAN tag. (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: Remove an incorrect pvid check in Tx (Ajit Khaparde) [Orabug: 17219620] \r\n- be2net: enable IOMMU pass through for be2net (Craig Hada) [Orabug: 17219620] \r\n- be2net: Use GET_PROFILE_CONFIG V1 cmd for BE3-R (Vasundhara Volam) [Orabug: 17219620] \r\n- be2net: Avoid flashing BE3 UFI on BE3-R chip. (Vasundhara Volam) [Orabug: 17219620] \r\n- be2net: Dont log 'Out of MCCQ wrbs' error (Vasundhara Volam) [Orabug: 17219620] \r\n- be2net: Use TXQ_CREATE_V2 cmd (Vasundhara Volam) [Orabug: 17219620] \r\n- be2net: take care of __vlan_put_tag return value (Ivan Vecera) [Orabug: 17219620] \r\n- be2net: remove unused variable 'sge' (Ivan Vecera) [Orabug: 17219620] \r\n- megaraid: update from 6.505 to 6.600.18.00 (Jerry Snitselaar) [Orabug: 17187623] \r\n- xsigo: Kconfig and Makefile updates (Ajaykumar Hotchandani) [Orabug: 17248170] \r\n- xsigo: Integrate 7489 release in UEK2 (Ajaykumar Hotchandani) [Orabug: 17248170] \r\n- fs writeback: fix race in mark inode dirty.patch (Srinivas Eeda) [Orabug: 17198525] \r\n- sxge: Check link state before xmit (Joe Jin) [Orabug: 17201198] \r\n- writeback: Fix periodic writeback after fs mount (Srinivas Eeda) [Orabug: 17185874] \r\n- spec: use _target_cpu in suffix for devel dir (Jerry Snitselaar) [Orabug: 17181059] \r\n- mm: leave hugepage pmd (Guru Anbalagane) [Orabug: 17186750] \r\n- Disable THP config (Guru Anbalagane) [Orabug: 17186750] \r\n- RDS: Fix a bug in QoS protocol negotiation (Bang Nguyen) [Orabug: 17079972] \r\n- RDS: alias failover is not working properly (Bang Nguyen) [Orabug: 17177994] \r\n- rdma_cm: CMA_QUERY_HANDLER: BAD STATUS -110 and -22 (Chien-Hua Yen) [Orabug: 16708786] \r\n- [RDS] add NETFILTER suppport (Ahmed Abbas) [Orabug: 17082619]\r\n \n[2.6.39-400.204.0]\r\n- be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] \r\n- xen-netfront: use skb_partial_csum_set() to simplify the codes (Li RongQing) \r\n- xen-netfront: split event channels support for Xen frontend driver (Wei Liu) \r\n- xen-netfront: avoid leaking resources when setup_netfront fails (Wei Liu) \r\n- xen-netfront: reduce gso_max_size to account for max TCP header (Wei Liu) \r\n- xen-netfront: frags -> slots in log message (Wei Liu) \r\n- xen-netfront: frags -> slots in xennet_get_responses (Wei Liu) \r\n- xen-netfront: remove unused variable 'extra' (Wei Liu) \r\n- xen/netfront: improve truesize tracking (Ian Campbell) \r\n- xen-netfront: remove __dev* attributes (Bill Pemberton) \r\n- xen/netfront: handle compound page fragments on transmit (Ian Campbell) \r\n- xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX (Ian Campbell) \r\n- ocfs2: xattr: fix inlined xattr reflink (Junxiao Bi) [Orabug: 15914937] \r\n- futex: Revert 'futex: Mark get_robust_list as deprecated' (Thomas Gleixner) [Orabug: 16818441] \r\n- xen: do not disable netfront in dom0 (Marek Marczykowski) \r\n- xen-netfront: correct MAX_TX_TARGET calculation. (Wei Liu) \r\n- xen-netback: xenbus.c: use more current logging styles (Wei Liu) \r\n- xen: Use more current logging styles (Joe Perches) \r\n- xen-netback: double free on unload (Dan Carpenter) \r\n- xen-netback: dont de-reference vif pointer after having called xenvif_put() (Jan Beulich) \r\n- xen-netback: split event channels support for Xen backend driver (Wei Liu) \r\n- xen-netback: enable user to unload netback module (Wei Liu) \r\n- xen-netback: remove dead code (Wei Liu) \r\n- xen-netback: better names for thresholds (Wei Liu) \r\n- xen-netback: avoid allocating variable size array on stack (Wei Liu) \r\n- xen-netback: remove redundent parameter in netbk_count_requests (Wei Liu)\r\n \n[2.6.39-400.203.0]\r\n- xen/netback: correctly calculate required slots of skb. (Annie Li) [Orabug: 16934362] \r\n- RDS: Local address resolution may be delayed after IP has moved. RDS to update local ARP cache directly to speed it up. (Bang Nguy\r\nen) [Orabug: 16979994] \r\n- mlx4: fix data corruption in hugetlb_user_mr (Chien Yen) [Orabug: 16772016] \r\n- fix compilation blk-core.c with missing rate-limit header (Maxim Uvarov) \r\n- block: rate-limit the error message from failing commands (Yi Zou) [Orabug: 15918663] \r\n- Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) \r\n- xen/pciback: Fix for backport compilation issues. (Konrad Rzeszutek Wilk) \r\n- Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) \r\n- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) \r\n- xen-blkback: check the number of iovecs before allocating a bios (Roger Pau Monne) \r\n- xen-blkfront: set blk_queue_max_hw_sectors correctly (Roger Pau Monne) \r\n- xen-blkback: workaround compiler bug in gcc 4.1 (Roger Pau Monne) \r\n- xen/blkback: Check for insane amounts of request on the ring (v6). (Konrad Rzeszutek Wilk) \r\n- xen/io/ring.h: new macro to detect whether there are too many requests on the ring (Jan Beulich) \r\n- xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140}\r\n- xen/blkback: Fix backporting of printk_ratelimit. (Konrad Rzeszutek Wilk) \r\n- xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140}\r\n- xen/blkback: Use physical sector size for setup (Stefan Bader) \r\n- xen-blkback/sysfs: Move the parameters for the persistent grant features (Konrad Rzeszutek Wilk) \r\n- xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments. (Konrad Rzeszutek Wilk) \r\n- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) \r\n- xen-blkback: allocate list of pending reqs in small chunks (Roger Pau Monne) \r\n- xen-block: implement indirect descriptors (Roger Pau Monne) \r\n- xen-blkback: expand map/unmap functions (Roger Pau Monne) \r\n- xen-blkback: make the queue of free requests per backend (Roger Pau Monne) \r\n- xen-blkback: move pending handles list from blkbk to pending_req (Roger Pau Monne) \r\n- xen-blkback: implement LRU mechanism for persistent grants (Roger Pau Monne) \r\n- xen-blkback: use balloon pages for all mappings (Roger Pau Monne) \r\n- xen-blkback: print stats about persistent grants (Roger Pau Monne)\r\n \n[2.6.39-400.202.0]\r\n- l2tp: Fix sendmsg() return value (Guillaume Nault) \r\n- l2tp: Fix PPP header erasure and memory leak (Guillaume Nault) [Orabug: 17030957] \r\n- packet: packet_getname_spkt: make sure string is always 0-terminated (Daniel Borkmann) [Orabug: 17030956] \r\n- net: sctp: fix NULL pointer dereference in socket destruction (Daniel Borkmann) [Orabug: 17030954] \r\n- ip_tunnel: fix kernel panic with icmp_dest_unreach (Eric Dumazet) [Orabug: 17030953] \r\n- netlabel: improve domain mapping validation (Paul Moore) [Orabug: 17030951] \r\n- ipv6: fix possible crashes in ip6_cork_release() (Eric Dumazet) [Orabug: 17030950] \r\n- tcp: fix tcp_md5_hash_skb_data() (Eric Dumazet) [Orabug: 17030948] \r\n- fmr: D-NFS/RDM (FMR) patches for OFED (abhishek varshney) [Orabug: 16966484] \r\n- lpfc: Update lpfc version for 8.3.7.10.7p driver release (James Smart) [Orabug: 17026768] \r\n- lpfc: Fix starting reference tag when calculating BG error (James Smart) [Orabug: 17026768] \r\n- lpfc: Fix BlockGuard error checking (James Smart) [Orabug: 17026768] \r\n- tg3: update from broadcom version 3.129d to 3.131d (Jerry Snitselaar) [Orabug: 17024939] \r\n- mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer (Aneesh Kumar K.V) [Orabug: 17025306] \r\n- mac80211: close AP_VLAN interfaces before unregistering all (Johannes Berg) [Orabug: 17025303] \r\n- batman-adv: Only write requested number of byte to user buffer (Sven Eckelmann) [Orabug: 17025019] \r\n- x25: Validate incoming call user data lengths (Matthew Daley) [Orabug: 17025021] \r\n- aoe: reserve enough headroom on skbs (Eric Dumazet) [Orabug: 17025018] \r\n- perf,x86: fix kernel crash with PEBS/BTS after suspend/resume (Stephane Eranian) [Orabug: 17024915] \r\n- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17024912] {CVE-2013-2634}\r\n- e1000e driver update from 2.3.2 to 2.4.14 (Maxim Uvarov) Merge Intel drivers update.\r\n- ixgbe driver update from 3.14.5 to 3.15.1 (Maxim Uvarov) Merge Intel drivers update.\r\n- igbvf driver update from 2.0.4 to 2.3.2 (Maxim Uvarov) Merge Intel drivers update.\r\n- igb driver update from 4.1.2 to 4.3.0 (Maxim Uvarov) Merge Intel drivers update.\r\n- spec: change version to 400.200.0 for ol5 (Maxim Uvarov) \r\n- RDS: restore two-sided reconnect with the lower IP node having a constant 100 ms backoff. (Bang Nguyen) [Orabug: 16710287] \r\n- scsi_prep_fn() check for empty queue (Maxim Uvarov) [Orabug: 17015328] \r\n- x86: Fix typo in kexec register clearing (Kees Cook) [Orabug: 16992876] \r\n- mm: migration: add migrate_entry_wait_huge() (Naoya Horiguchi) [Orabug: 16992874] \r\n- swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [Orabug: 16992871] \r\n- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 16992869] {CVE-2013-2852}\r\n- nohz: Fix update_ts_time_stat idle accounting (Michal Hocko) [Orabug: 16985182] \r\n- tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 16963984] \r\n- drm: fix a use-after-free when GPU acceleration disabled (Huacai Chen) [Orabug: 16963983] \r\n- cifs: fix potential buffer overrun when composing a new options string (Jeff Layton) [Orabug: 16963818] \r\n- drivers/block/brd.c: fix brd_lookup_page() race (Brian Behlendorf) [Orabug: 16963816] \r\n- mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (Xiao Guangrong) [Orabug: 16963814] \r\n- klist: del waiter from klist_remove_waiters before wakeup waitting process (wang, biao) [Orabug: 16963813] \r\n- ocfs2: goto out_unlock if ocfs2_get_clusters_nocache() failed in ocfs2_fiemap() (Joseph Qi) [Orabug: 16963812] \r\n- fat: fix possible overflow for fat_clusters (OGAWA Hirofumi) [Orabug: 16963811] \r\n- cifs: only set ops for inodes in I_NEW state (Jeff Layton) [Orabug: 16963810] \r\n- usermodehelper: check subprocess_info->path != NULL (Oleg Nesterov) [Orabug: 16909862] \r\n- ipv6: do not clear pinet6 field (Eric Dumazet) [Orabug: 16909856] \r\n- macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [Orabug: 16909854] \r\n- bridge: fix race with topology change timer (stephen hemminger) [Orabug: 16909638] \r\n- tick: Cleanup NOHZ per cpu data on cpu down (Thomas Gleixner) [Orabug: 16909637] \r\n- timer: Dont reinitialize the cpu base lock during CPU_UP_PREPARE (Tirupathi Reddy) [Orabug: 16909635] \r\n- x86/mm: account for PGDIR_SIZE alignment (Jerry Hoemann) [Orabug: 16903170] \r\n- kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() (Chen Gang) [Orabug: 16903120] \r\n- clockevents: Set dummy handler on CPU_DEAD shutdown (Thomas Gleixner) [Orabug: 16902369] \r\n- cgroup: fix an off-by-one bug which may trigger BUG_ON() (Li Zefan) [Orabug: 16902267] \r\n- hrtimer: Add expiry time overflow check in hrtimer_interrupt (Prarit Bhargava) [Orabug: 16902194] \r\n- hrtimer: Fix ktime_add_ns() overflow on 32bit architectures (David Engraf) [Orabug: 16902186] \r\n- fs/fscache/stats.c: fix memory leak (Anurup m) [Orabug: 16901677] \r\n- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 16888256] {CVE-2013-3225}\r\n- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 16888251] {CVE-2013-3224}\r\n- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 16888219] {CVE-2013-3222}\r\n- net: sctp: sctp_auth_key_put: use kzfree instead of kfree (Daniel Borkmann) [Orabug: 16888213] \r\n- Btrfs: make sure nbytes are right after log replay (Josef Bacik) [Orabug: 16864338] \r\n- Revert 'sysfs: fix race between readdir and lseek' (Jiri Kosina) [Orabug: 16858013] \r\n- crypto: algif - suppress sending source address information in recvmsg (Mathias Krause) [Orabug: 16864292] \r\n- sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s (Tejun Heo) [Orabug: 16864274] \r\n- kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 16864214] \r\n- Revert '8021q: fix a potential use-after-free' (Greg Kroah-Hartman) [Orabug: 16858417] \r\n- hrtimer: Dont reinitialize a cpu_base lock on CPU_UP (Michael Bohan) [Orabug: 16864124] \r\n- PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() (Huacai Chen) [Orabug: 16863936] \r\n- tracing: Fix double free when function profile init failed (Namhyung Kim) [Orabug: 16863887] \r\n- mm: prevent mmap_cache race in find_vma() (Jan Stancek) [Orabug: 16863788] \r\n- block: avoid using uninitialized value in from queue_var_store (Arnd Bergmann) [Orabug: 16863776] \r\n- bonding: get netdev_rx_handler_unregister out of locks (Veaceslav Falico) [Orabug: 16863608] \r\n- net: add a synchronize_net() in netdev_rx_handler_unregister() (Eric Dumazet) [Orabug: 16863608] \r\n- 8021q: fix a potential use-after-free (Cong Wang) [Orabug: 16858417] \r\n- efivars: Handle duplicate names from get_next_variable() (Matt Fleming) [Orabug: 16858386] \r\n- efivars: explicitly calculate length of VariableName (Matt Fleming) [Orabug: 16858386] \r\n- loop: prevent bdev freeing while device in use (Anatol Pomozov) [Orabug: 16858270] \r\n- Btrfs: limit the global reserve to 512mb (Josef Bacik) [Orabug: 16858090] \r\n- sysfs: handle failure path correctly for readdir() (Ming Lei) [Orabug: 16858013] \r\n- sysfs: fix race between readdir and lseek (Ming Lei) [Orabug: 16858013] \r\n \n \n ", "modified": "2013-09-16T00:00:00", "published": "2013-09-16T00:00:00", "id": "ELSA-2013-2546", "href": "http://linux.oracle.com/errata/ELSA-2013-2546.html", "title": "Unbreakable Enterprise Kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:01", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2745-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nAugust 28, 2013 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2013-1059 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232\n CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-2852\n CVE-2013-4162 CVE-2013-4163\nDebian Bug : 701744\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-1059\n\n Chanam Park reported an issue in the Ceph distributed storage system.\n Remote users can cause a denial of service by sending a specially crafted\n auth_reply message.\n\nCVE-2013-2148\n\n Dan Carpenter reported an information leak in the filesystem wide access\n notification subsystem (fanotify). Local users could gain access to\n sensitive kernel memory.\n\nCVE-2013-2164\n\n Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.\n\nCVE-2013-2232\n\n Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.\n\nCVE-2013-2234\n\n Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2237\n\n Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2851\n\n Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.\n\nCVE-2013-2852\n\n Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0 \n privileges. This is only a security issue for certain specially configured\n systems.\n\nCVE-2013-4162\n\n Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem.\n Local users can cause a denial of service (system crash).\n\nCVE-2013-4163\n\n Dave Jones reported an issue in the IPv6 networking subsystem. Local\n users can cause a denial of service (system crash).\n\nThis update also includes a fix for a regression in the Xen subsystem.\n\nFor the stable distribution (wheezy), these problems has been fixed in version\n3.2.46-1+deb7u1.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 7.0 (wheezy)\n user-mode-linux 3.2-2um-1+deb7u2\n\nWe recommend that you upgrade your linux and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or &quot;leap-frog&quot; fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-08-29T05:16:38", "published": "2013-08-29T05:16:38", "id": "DEBIAN:DSA-2745-1:9CD12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00155.html", "title": "[SECURITY] [DSA 2745-1] linux security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:21:40", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2766-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nSeptember 27, 2013 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2013-2141 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232\n CVE-2013-2234 CVE-2013-2237 CVE-2013-2239 CVE-2013-2851\n CVE-2013-2852 CVE-2013-2888 CVE-2013-2892\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-2141\n\n Emese Revfy provided a fix for an information leak in the tkill and\n tgkill system calls. A local user on a 64-bit system maybe able to\n gain access to sensitive memory contents.\n\nCVE-2013-2164\n\n Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.\n\nCVE-2013-2206\n\n Karl Heiss reported an issue in the Linux SCTP implementation. A remote\n user could cause a denial of service (system crash).\n\nCVE-2013-2232\n\n Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.\n\nCVE-2013-2234\n\n Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2237\n\n Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2239\n\n Jonathan Salwan discovered multiple memory leaks in the openvz kernel\n flavor. Local users could gain access to sensitive kernel memory.\n\nCVE-2013-2851\n\n Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.\n\nCVE-2013-2852\n\n Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0 \n privileges. This is only a security issue for certain specially configured\n systems.\n\nCVE-2013-2888\n\n Kees Cook reported an issue in the HID driver subsystem. A local user,\n with the ability to attach a device, could cause a denial of service\n (system crash).\n\nCVE-2013-2892\n\n Kees Cook reported an issue in the pantherlord HID device driver. Local\n users with the ability to attach a device could cause a denial of service\n or possibly gain elevated privileges.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze4.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+48squeeze4\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or &quot;leap-frog&quot; fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-09-27T23:24:29", "published": "2013-09-27T23:24:29", "id": "DEBIAN:DSA-2766-1:1DD94", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00177.html", "title": "[SECURITY] [DSA 2766-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been\n updated to version 3.0.93 and to fix various bugs and\n security issues.\n\n The following features have been added:\n\n * NFS: Now supports a &quot;nosharetransport&quot; option\n (bnc#807502, bnc#828192, FATE#315593).\n * ALSA: virtuoso: Xonar DSX support was added\n (FATE#316016).\n\n The following security issues have been fixed:\n\n *\n\n CVE-2013-2148: The fill_event_metadata function in\n fs/notify/fanotify/fanotify_user.c in the Linux kernel did\n not initialize a certain structure member, which allowed\n local users to obtain sensitive information from kernel\n memory via a read operation on the fanotify descriptor.\n\n *\n\n CVE-2013-2237: The key_notify_policy_flush function\n in net/key/af_key.c in the Linux kernel did not initialize\n a certain structure member, which allowed local users to\n obtain sensitive information from kernel heap memory by\n reading a broadcast message from the notify_policy\n interface of an IPSec key_socket.\n\n *\n\n CVE-2013-2232: The ip6_sk_dst_check function in\n net/ipv6/ip6_output.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) by using\n an AF_INET6 socket for a connection to an IPv4 interface.\n\n *\n\n CVE-2013-2234: The (1) key_notify_sa_flush and (2)\n key_notify_policy_flush functions in net/key/af_key.c in\n the Linux kernel did not initialize certain structure\n members, which allowed local users to obtain sensitive\n information from kernel heap memory by reading a broadcast\n message from the notify interface of an IPSec key_socket.\n CVE-2013-4162: The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel made an incorrect function call for pending data,\n which allowed local users to cause a denial of service (BUG\n and system crash) via a crafted application that uses the\n UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1059: net/ceph/auth_none.c in the Linux\n kernel allowed remote attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via an auth_reply\n message that triggers an attempted build_request operation.\n\n *\n\n CVE-2013-2164: The mmc_ioctl_cdrom_read_data function\n in drivers/cdrom/cdrom.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory\n via a read operation on a malfunctioning CD-ROM drive.\n\n *\n\n CVE-2013-2851: Format string vulnerability in the\n register_disk function in block/genhd.c in the Linux kernel\n allowed local users to gain privileges by leveraging root\n access and writing format string specifiers to\n /sys/module/md_mod/parameters/new_array in order to create\n a crafted /dev/md device name.\n\n *\n\n CVE-2013-4163: The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel did not properly maintain information about\n whether the IPV6_MTU setsockopt option had been specified,\n which allowed local users to cause a denial of service (BUG\n and system crash) via a crafted application that uses the\n UDP_CORK option in a setsockopt system call.\n\n *\n\n CVE-2013-1929: Heap-based buffer overflow in the\n tg3_read_vpd function in\n drivers/net/ethernet/broadcom/tg3.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code\n via crafted firmware that specifies a long string in the\n Vital Product Data (VPD) data structure.\n\n *\n\n CVE-2013-1819: The _xfs_buf_find function in\n fs/xfs/xfs_buf.c in the Linux kernel did not validate block\n numbers, which allowed local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by leveraging the\n ability to mount an XFS filesystem containing a metadata\n inode with an invalid extent map.\n\n Also the following non-security bugs have been fixed:\n\n * ACPI / APEI: Force fatal AER severity when component\n has been reset (bnc#828886 bnc#824568).\n * PCI/AER: Move AER severity defines to aer.h\n (bnc#828886 bnc#824568).\n * PCI/AER: Set dev-&gt;__aer_firmware_first only for\n matching devices (bnc#828886 bnc#824568).\n * PCI/AER: Factor out HEST device type matching\n (bnc#828886 bnc#824568).\n * PCI/AER: Do not parse HEST table for non-PCIe devices\n (bnc#828886 bnc#824568).\n *\n\n PCI/AER: Reset link for devices below Root Port or\n Downstream Port (bnc#828886 bnc#824568).\n\n *\n\n zfcp: fix lock imbalance by reworking request queue\n locking (bnc#835175, LTC#96825).\n\n *\n\n qeth: Fix crash on initial MTU size change\n (bnc#835175, LTC#96809).\n\n *\n\n qeth: change default standard blkt settings for OSA\n Express (bnc#835175, LTC#96808).\n\n *\n\n x86: Add workaround to NMI iret woes (bnc#831949).\n\n *\n\n x86: Do not schedule while still in NMI context\n (bnc#831949).\n\n *\n\n drm/i915: no longer call drm_helper_resume_force_mode\n (bnc#831424,bnc#800875).\n\n *\n\n bnx2x: protect different statistics flows\n (bnc#814336).\n\n * bnx2x: Avoid sending multiple statistics queries\n (bnc#814336).\n *\n\n bnx2x: protect different statistics flows\n (bnc#814336).\n\n *\n\n ALSA: hda - Fix unbalanced runtime pm refount\n (bnc#834742).\n\n *\n\n xhci: directly calling _PS3 on suspend (bnc#833148).\n\n *\n\n futex: Take hugepages into account when generating\n futex_key.\n\n *\n\n e1000e: workaround DMA unit hang on I218 (bnc#834647).\n\n * e1000e: unexpected &quot;Reset adapter&quot; message when cable\n pulled (bnc#834647).\n * e1000e: 82577: workaround for link drop issue\n (bnc#834647).\n * e1000e: helper functions for accessing EMI registers\n (bnc#834647).\n * e1000e: workaround DMA unit hang on I218 (bnc#834647).\n * e1000e: unexpected &quot;Reset adapter&quot; message when cable\n pulled (bnc#834647).\n * e1000e: 82577: workaround for link drop issue\n (bnc#834647).\n *\n\n e1000e: helper functions for accessing EMI registers\n (bnc#834647).\n\n *\n\n Drivers: hv: util: Fix a bug in version negotiation\n code for util services (bnc#828714).\n\n *\n\n printk: Add NMI ringbuffer (bnc#831949).\n\n * printk: extract ringbuffer handling from vprintk\n (bnc#831949).\n * printk: NMI safe printk (bnc#831949).\n * printk: Make NMI ringbuffer size independent on\n log_buf_len (bnc#831949).\n * printk: Do not call console_unlock from nmi context\n (bnc#831949).\n *\n\n printk: Do not use printk_cpu from finish_printk\n (bnc#831949).\n\n *\n\n zfcp: fix schedule-inside-lock in scsi_device list\n loops (bnc#833073, LTC#94937).\n\n *\n\n uvc: increase number of buffers (bnc#822164,\n bnc#805804).\n\n *\n\n drm/i915: Adding more reserved PCI IDs for Haswell\n (bnc#834116).\n\n *\n\n Refresh patches.xen/xen-netback-generalize\n (bnc#827378).\n\n *\n\n Update Xen patches to 3.0.87.\n\n *\n\n mlx4_en: Adding 40gb speed report for ethtool\n (bnc#831410).\n\n *\n\n drm/i915: Retry DP aux_ch communications with a\n different clock after failure (bnc#831422).\n\n * drm/i915: split aux_clock_divider logic in a\n separated function for reuse (bnc#831422).\n * drm/i915: dp: increase probe retries (bnc#831422).\n * drm/i915: Only clear write-domains after a successful\n wait-seqno (bnc#831422).\n * drm/i915: Fix write-read race with multiple rings\n (bnc#831422).\n * drm/i915: Retry DP aux_ch communications with a\n different clock after failure (bnc#831422).\n * drm/i915: split aux_clock_divider logic in a\n separated function for reuse (bnc#831422).\n * drm/i915: dp: increase probe retries (bnc#831422).\n * drm/i915: Only clear write-domains after a successful\n wait-seqno (bnc#831422).\n *\n\n drm/i915: Fix write-read race with multiple rings\n (bnc#831422).\n\n *\n\n xhci: Add xhci_disable_ports boot option (bnc#822164).\n\n *\n\n xhci: set device to D3Cold on shutdown (bnc#833097).\n\n *\n\n reiserfs: Fixed double unlock in reiserfs_setattr\n failure path.\n\n * reiserfs: locking, release lock around quota\n operations (bnc#815320).\n * reiserfs: locking, push write lock out of xattr code\n (bnc#815320).\n * reiserfs: locking, handle nested locks properly\n (bnc#815320).\n * reiserfs: do not lock journal_init() (bnc#815320).\n *\n\n reiserfs: delay reiserfs lock until journal\n initialization (bnc#815320).\n\n *\n\n NFS: support &quot;nosharetransport&quot; option (bnc#807502,\n bnc#828192, FATE#315593).\n\n *\n\n HID: hyperv: convert alloc+memcpy to memdup.\n\n * Drivers: hv: vmbus: Implement multi-channel support\n (fate#316098).\n * Drivers: hv: Add the GUID fot synthetic fibre channel\n device (fate#316098).\n * tools: hv: Check return value of setsockopt call.\n * tools: hv: Check return value of poll call.\n * tools: hv: Check retrun value of strchr call.\n * tools: hv: Fix file descriptor leaks.\n * tools: hv: Improve error logging in KVP daemon.\n * drivers: hv: switch to use mb() instead of smp_mb().\n * drivers: hv: check interrupt mask before read_index.\n * drivers: hv: allocate synic structures before\n hv_synic_init().\n * storvsc: Increase the value of scsi timeout for\n storvsc devices (fate#316098).\n * storvsc: Update the storage protocol to win8 level\n (fate#316098).\n * storvsc: Implement multi-channel support\n (fate#316098).\n * storvsc: Support FC devices (fate#316098).\n * storvsc: Increase the value of\n STORVSC_MAX_IO_REQUESTS (fate#316098).\n * hyperv: Fix the NETIF_F_SG flag setting in netvsc.\n * Drivers: hv: vmbus: incorrect device name is printed\n when child device is unregistered.\n *\n\n Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration\n (bnc#828714).\n\n *\n\n ipv6: ip6_append_data_mtu did not care about pmtudisc\n and frag_size (bnc#831055, CVE-2013-4163).\n\n *\n\n ipv6: ip6_append_data_mtu did not care about pmtudisc\n and frag_size (bnc#831055, CVE-2013-4163).\n\n *\n\n dm mpath: add retain_attached_hw_handler feature\n (bnc#760407).\n\n *\n\n scsi_dh: add scsi_dh_attached_handler_name\n (bnc#760407).\n\n *\n\n af_key: fix info leaks in notify messages (bnc#827749\n CVE-2013-2234).\n\n *\n\n af_key: initialize satype in\n key_notify_policy_flush() (bnc#828119 CVE-2013-2237).\n\n *\n\n ipv6: call udp_push_pending_frames when uncorking a\n socket with (bnc#831058, CVE-2013-4162).\n\n *\n\n tg3: fix length overflow in VPD firmware parsing\n (bnc#813733 CVE-2013-1929).\n\n *\n\n xfs: fix _xfs_buf_find oops on blocks beyond the\n filesystem end (CVE-2013-1819 bnc#807471).\n\n *\n\n ipv6: ip6_sk_dst_check() must not assume ipv6 dst\n (bnc#827750, CVE-2013-2232).\n\n *\n\n dasd: fix hanging devices after path events\n (bnc#831623, LTC#96336).\n\n *\n\n kernel: z90crypt module load crash (bnc#831623,\n LTC#96214).\n\n *\n\n ata: Fix DVD not dectected at some platform with\n Wellsburg PCH (bnc#822225).\n\n *\n\n drm/i915: edp: add standard modes (bnc#832318).\n\n *\n\n Do not switch camera on yet more HP machines\n (bnc#822164).\n\n *\n\n Do not switch camera on HP EB 820 G1 (bnc#822164).\n\n *\n\n xhci: Avoid NULL pointer deref when host dies\n (bnc#827271).\n\n *\n\n bonding: disallow change of MAC if fail_over_mac\n enabled (bnc#827376).\n\n * bonding: propagate unicast lists down to slaves\n (bnc#773255 bnc#827372).\n * net/bonding: emit address change event also in\n bond_release (bnc#773255 bnc#827372).\n *\n\n bonding: emit event when bonding changes MAC\n (bnc#773255 bnc#827372).\n\n *\n\n usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all\n controllers with xhci 1.0 (bnc#797909).\n\n *\n\n xhci: fix null pointer dereference on\n ring_doorbell_for_active_rings (bnc#827271).\n\n *\n\n updated reference for security issue fixed inside\n (CVE-2013-3301 bnc#815256)\n\n *\n\n qla2xxx: Clear the MBX_INTR_WAIT flag when the\n mailbox time-out happens (bnc#830478).\n\n *\n\n drm/i915: initialize gt_lock early with other spin\n locks (bnc#801341).\n\n * drm/i915: fix up gt init sequence fallout\n (bnc#801341).\n * drm/i915: initialize gt_lock early with other spin\n locks (bnc#801341).\n *\n\n drm/i915: fix up gt init sequence fallout\n (bnc#801341).\n\n *\n\n timer_list: Correct the iterator for timer_list\n (bnc#818047).\n\n *\n\n firmware: do not spew errors in normal boot\n (bnc#831438, fate#314574).\n\n *\n\n ALSA: virtuoso: Xonar DSX support (FATE#316016).\n\n *\n\n SUNRPC: Ensure we release the socket write lock if\n the rpc_task exits early (bnc#830901).\n\n *\n\n ext4: Re-add config option Building ext4 as the\n ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that\n read-write module should be enabled. This update just\n defaults allow_rw to true if it is set.\n\n *\n\n e1000: fix vlan processing regression (bnc#830766).\n\n *\n\n ext4: force read-only unless rw=1 module option is\n used (fate#314864).\n\n *\n\n dm mpath: fix ioctl deadlock when no paths\n (bnc#808940).\n\n *\n\n HID: fix unused rsize usage (bnc#783475).\n\n *\n\n add reference for b43 format string flaw (bnc#822579\n CVE-2013-2852)\n\n *\n\n HID: fix data access in implement() (bnc#783475).\n\n *\n\n xfs: fix deadlock in xfs_rtfree_extent with kernel\n v3.x (bnc#829622).\n\n *\n\n kernel: sclp console hangs (bnc#830346, LTC#95711).\n\n *\n\n Refresh\n patches.fixes/rtc-add-an-alarm-disable-quirk.patch.\n\n *\n\n Delete\n patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi\n rst-occurrence. It was removed from series.conf in\n 063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was\n not deleted.\n\n *\n\n Drivers: hv: balloon: Do not post pressure status if\n interrupted (bnc#829539).\n\n *\n\n Drivers: hv: balloon: Fix a bug in the hot-add code\n (bnc#829539).\n\n *\n\n drm/i915: Fix incoherence with fence updates on\n Sandybridge+ (bnc#809463).\n\n * drm/i915: merge {i965, sandybridge}_write_fence_reg()\n (bnc#809463).\n * drm/i915: Fix incoherence with fence updates on\n Sandybridge+ (bnc#809463).\n *\n\n drm/i915: merge {i965, sandybridge}_write_fence_reg()\n (bnc#809463).\n\n *\n\n Refresh\n patches.fixes/rtc-add-an-alarm-disable-quirk.patch.\n\n *\n\n r8169: allow multicast packets on sub-8168f chipset\n (bnc#805371).\n\n * r8169: support new chips of RTL8111F (bnc#805371).\n * r8169: define the early size for 8111evl (bnc#805371).\n * r8169: fix the reset setting for 8111evl (bnc#805371).\n * r8169: add MODULE_FIRMWARE for the firmware of\n 8111evl (bnc#805371).\n * r8169: fix sticky accepts packet bits in RxConfig\n (bnc#805371).\n * r8169: adjust the RxConfig settings (bnc#805371).\n * r8169: support RTL8111E-VL (bnc#805371).\n * r8169: add ERI functions (bnc#805371).\n * r8169: modify the flow of the hw reset (bnc#805371).\n * r8169: adjust some registers (bnc#805371).\n * r8169: check firmware content sooner (bnc#805371).\n * r8169: support new firmware format (bnc#805371).\n * r8169: explicit firmware format check (bnc#805371).\n * r8169: move the firmware down into the device private\n data (bnc#805371).\n * r8169: allow multicast packets on sub-8168f chipset\n (bnc#805371).\n * r8169: support new chips of RTL8111F (bnc#805371).\n * r8169: define the early size for 8111evl (bnc#805371).\n * r8169: fix the reset setting for 8111evl (bnc#805371).\n * r8169: add MODULE_FIRMWARE for the firmware of\n 8111evl (bnc#805371).\n * r8169: fix sticky accepts packet bits in RxConfig\n (bnc#805371).\n * r8169: adjust the RxConfig settings (bnc#805371).\n * r8169: support RTL8111E-VL (bnc#805371).\n * r8169: add ERI functions (bnc#805371).\n * r8169: modify the flow of the hw reset (bnc#805371).\n * r8169: adjust some registers (bnc#805371).\n * r8169: check firmware content sooner (bnc#805371).\n * r8169: support new firmware format (bnc#805371).\n * r8169: explicit firmware format check (bnc#805371).\n *\n\n r8169: move the firmware down into the device private\n data (bnc#805371).\n\n *\n\n patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch:\n mm: link_mem_sections make sure nmi watchdog does not\n trigger while linking memory sections (bnc#820434).\n\n *\n\n drm/i915: fix long-standing SNB regression in power\n consumption after resume v2 (bnc#801341).\n\n *\n\n RTC: Add an alarm disable quirk (bnc#805740).\n\n *\n\n drm/i915: Fix bogus hotplug warnings at resume\n (bnc#828087).\n\n * drm/i915: Serialize all register access\n (bnc#809463,bnc#812274,bnc#822878,bnc#828914).\n * drm/i915: Resurrect ring kicking for semaphores,\n selectively (bnc#828087).\n * drm/i915: Fix bogus hotplug warnings at resume\n (bnc#828087).\n * drm/i915: Serialize all register access\n (bnc#809463,bnc#812274,bnc#822878,bnc#828914).\n *\n\n drm/i915: Resurrect ring kicking for semaphores,\n selectively (bnc#828087).\n\n *\n\n drm/i915: use lower aux clock divider on non-ULT HSW\n (bnc#800875).\n\n * drm/i915: preserve the PBC bits of TRANS_CHICKEN2\n (bnc#828087).\n * drm/i915: set CPT FDI RX polarity bits based on VBT\n (bnc#828087).\n * drm/i915: hsw: fix link training for eDP on port-A\n (bnc#800875).\n * drm/i915: use lower aux clock divider on non-ULT HSW\n (bnc#800875).\n * drm/i915: preserve the PBC bits of TRANS_CHICKEN2\n (bnc#828087).\n * drm/i915: set CPT FDI RX polarity bits based on VBT\n (bnc#828087).\n *\n\n drm/i915: hsw: fix link training for eDP on port-A\n (bnc#800875).\n\n *\n\n patches.arch/s390-66-02-smp-ipi.patch: kernel: lost\n IPIs on CPU hotplug (bnc#825048, LTC#94784).\n\n *\n\n patches.fixes/iwlwifi-use-correct-supported-firmware-for-603\n 5-and-.patch: iwlwifi: use correct supported firmware for\n 6035 and 6000g2 (bnc#825887).\n\n *\n\n patches.fixes/watchdog-update-watchdog_thresh-atomically.pat\n ch: watchdog: Update watchdog_thresh atomically\n (bnc#829357).\n\n *\n patches.fixes/watchdog-update-watchdog_tresh-properly.patch:\n watchdog: update watchdog_tresh properly (bnc#829357).\n *\n\n patches.fixes/watchdog-make-disable-enable-hotplug-and-preem\n pt-save.patch:\n watchdog-make-disable-enable-hotplug-and-preempt-save.patch\n (bnc#829357).\n\n *\n\n kabi/severities: Ignore changes in drivers/hv\n\n *\n\n patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou\n t.patch: lpfc: Return correct error code on bsg_timeout\n (bnc#816043).\n\n *\n\n patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch:\n dm-multipath: Drop table when retrying ioctl (bnc#808940).\n\n *\n\n scsi: Do not retry invalid function error\n (bnc#809122).\n\n *\n\n patches.suse/scsi-do-not-retry-invalid-function-error.patch:\n scsi: Do not retry invalid function error (bnc#809122).\n\n *\n\n scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n *\n\n patches.suse/scsi-always-retry-internal-target-error.patch:\n scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n *\n\n patches.drivers/drm-edid-Don-t-print-messages-regarding-ster\n eo-or-csync-by-default.patch: Refresh: add upstream commit\n ID.\n\n *\n\n patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:\n Refresh. (bnc#824915).\n\n *\n\n Refresh\n patches.suse/acpiphp-match-to-Bochs-dmi-data.patch\n (bnc#824915).\n\n *\n\n Update kabi files.\n\n *\n\n ACPI:remove panic in case hardware has changed after\n S4 (bnc#829001).\n\n *\n\n ibmvfc: Driver version 1.0.1 (bnc#825142).\n\n * ibmvfc: Fix for offlining devices during error\n recovery (bnc#825142).\n * ibmvfc: Properly set cancel flags when cancelling\n abort (bnc#825142).\n * ibmvfc: Send cancel when link is down (bnc#825142).\n * ibmvfc: Support FAST_IO_FAIL in EH handlers\n (bnc#825142).\n *\n\n ibmvfc: Suppress ABTS if target gone (bnc#825142).\n\n *\n\n fs/dcache.c: add cond_resched() to\n shrink_dcache_parent() (bnc#829082).\n\n *\n\n drivers/cdrom/cdrom.c: use kzalloc() for failing\n hardware (bnc#824295, CVE-2013-2164).\n\n *\n\n kmsg_dump: do not run on non-error paths by default\n (bnc#820172).\n\n *\n\n supported.conf: mark tcm_qla2xxx as supported\n\n *\n\n mm: honor min_free_kbytes set by user (bnc#826960).\n\n *\n\n Drivers: hv: util: Fix a bug in version negotiation\n code for util services (bnc#828714).\n\n *\n\n hyperv: Fix a kernel warning from\n netvsc_linkstatus_callback() (bnc#828574).\n\n *\n\n RT: Fix up hardening patch to not gripe when avg &gt;\n available, which lockless access makes possible and happens\n in -rt kernels running a cpubound ltp realtime testcase.\n Just keep the output sane in that case.\n\n *\n\n kabi/severities: Add exception for\n aer_recover_queue() There should not be any user besides\n ghes.ko.\n\n *\n\n Fix rpm changelog\n\n *\n\n PCI / PM: restore the original behavior of\n pci_set_power_state() (bnc#827930).\n\n *\n\n fanotify: info leak in copy_event_to_user()\n (CVE-2013-2148 bnc#823517).\n\n *\n\n usb: xhci: check usb2 port capabilities before adding\n hw link PM support (bnc#828265).\n\n *\n\n aerdrv: Move cper_print_aer() call out of interrupt\n context (bnc#822052, bnc#824568).\n\n *\n\n PCI/AER: pci_get_domain_bus_and_slot() call missing\n required pci_dev_put() (bnc#822052, bnc#824568).\n\n *\n\n patches.fixes/block-do-not-pass-disk-names-as-format-strings\n .patch: block: do not pass disk names as format strings\n (bnc#822575 CVE-2013-2851).\n\n *\n\n powerpc: POWER8 cputable entries (bnc#824256).\n\n *\n\n libceph: Fix NULL pointer dereference in auth client\n code. (CVE-2013-1059, bnc#826350)\n\n *\n\n md/raid10: Fix two bug affecting RAID10 reshape.\n\n *\n\n Allow NFSv4 to run execute-only files (bnc#765523).\n\n *\n\n fs/ocfs2/namei.c: remove unecessary ERROR when\n removing non-empty directory (bnc#819363).\n\n *\n\n block: Reserve only one queue tag for sync IO if only\n 3 tags are available (bnc#806396).\n\n *\n\n btrfs: merge contigous regions when loading free\n space cache\n\n *\n\n btrfs: fix how we deal with the orphan block rsv.\n\n * btrfs: fix wrong check during log recovery.\n * btrfs: change how we indicate we are adding csums.\n", "modified": "2013-09-21T00:04:17", "published": "2013-09-21T00:04:17", "id": "SUSE-SU-2013:1473-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html", "title": "Security update for Linux kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1051\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the tcp_read_sock() function in the Linux kernel's\nIPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)\nwere handled. A local, unprivileged user could trigger this issue via a\ncall to splice(), leading to a denial of service. (CVE-2013-2128,\nModerate)\n\n* Information leak flaws in the Linux kernel could allow a local,\nunprivileged user to leak kernel memory to user-space. (CVE-2012-6548,\nCVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nLow)\n\n* An information leak was found in the Linux kernel's POSIX signals\nimplementation. A local, unprivileged user could use this flaw to bypass\nthe Address Space Layout Randomization (ASLR) security feature.\n(CVE-2013-0914, Low)\n\n* A format string flaw was found in the ext3_msg() function in the Linux\nkernel's ext3 file system implementation. A local user who is able to mount\nan ext3 file system could use this flaw to cause a denial of service or,\npotentially, escalate their privileges. (CVE-2013-1848, Low)\n\n* A format string flaw was found in the b43_do_request_fw() function in the\nLinux kernel's b43 driver implementation. A local user who is able to\nspecify the \"fwpostfix\" b43 module parameter could use this flaw to cause a\ndenial of service or, potentially, escalate their privileges.\n(CVE-2013-2852, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel's ftrace\nand function tracer implementations. A local user who has the CAP_SYS_ADMIN\ncapability could use this flaw to cause a denial of service.\n(CVE-2013-3301, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2013-2852.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019858.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1051.html", "modified": "2013-07-17T04:56:29", "published": "2013-07-17T04:56:29", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019858.html", "id": "CESA-2013:1051", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:194\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : kernel\r\n Date : July 11, 2013\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in the Linux\r\n kernel:\r\n \r\n net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote\r\n attackers to cause a denial of service &#40;NULL pointer dereference\r\n and system crash&#41; or possibly have unspecified other impact via\r\n an auth_reply message that triggers an attempted build_request\r\n operation. &#40;CVE-2013-1059&#41;\r\n \r\n The HP Smart Array controller disk-array driver and Compaq SMART2\r\n controller disk-array driver in the Linux kernel through 3.9.4\r\n do not initialize certain data structures, which allows local\r\n users to obtain sensitive information from kernel memory via &#40;1&#41;\r\n a crafted IDAGETPCIINFO command for a /dev/ida device, related\r\n to the ida_locked_ioctl function in drivers/block/cpqarray.c\r\n or &#40;2&#41; a crafted CCISS_PASSTHRU32 command for a /dev/cciss\r\n device, related to the cciss_ioctl32_passthru function in\r\n drivers/block/cciss.c. &#40;CVE-2013-2147&#41;\r\n \r\n The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c\r\n in the Linux kernel through 3.9.4 does not initialize a certain\r\n structure member, which allows local users to obtain sensitive\r\n information from kernel memory via a read operation on the fanotify\r\n descriptor. &#40;CVE-2013-2148&#41;\r\n \r\n Format string vulnerability in the register_disk function in\r\n block/genhd.c in the Linux kernel through 3.9.4 allows local users to\r\n gain privileges by leveraging root access and writing format string\r\n specifiers to /sys/module/md_mod/parameters/new_array in order to\r\n create a crafted /dev/md device name. &#40;CVE-2013-2851&#41;\r\n \r\n The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in\r\n the Linux kernel through 3.10 allows local users to obtain sensitive\r\n information from kernel memory via a read operation on a malfunctioning\r\n CD-ROM drive. &#40;CVE-2013-2164&#41;\r\n \r\n The key_notify_policy_flush function in net/key/af_key.c in the Linux\r\n kernel before 3.9 does not initialize a certain structure member,\r\n which allows local users to obtain sensitive information from kernel\r\n heap memory by reading a broadcast message from the notify_policy\r\n interface of an IPSec key_socket. &#40;CVE-2013-2237&#41;\r\n \r\n The &#40;1&#41; key_notify_sa_flush and &#40;2&#41; key_notify_policy_flush functions\r\n in net/key/af_key.c in the Linux kernel before 3.10 do not initialize\r\n certain structure members, which allows local users to obtain sensitive\r\n information from kernel heap memory by reading a broadcast message\r\n from the notify interface of an IPSec key_socket. &#40;CVE-2013-2234&#41;\r\n \r\n The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux\r\n kernel before 3.10 allows local users to cause a denial of service\r\n &#40;system crash&#41; by using an AF_INET6 socket for a connection to an\r\n IPv4 interface. &#40;CVE-2013-2232&#41;\r\n \r\n The online_pages function in mm/memory_hotplug.c in the Linux kernel\r\n before 3.6 allows local users to cause a denial of service &#40;NULL\r\n pointer dereference and system crash&#41; or possibly have unspecified\r\n other impact in opportunistic circumstances by using memory that was\r\n hot-added by an administrator. &#40;CVE-2012-5517&#41;\r\n \r\n Format string vulnerability in the b43_request_firmware function in\r\n drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in\r\n the Linux kernel through 3.9.4 allows local users to gain privileges\r\n by leveraging root access and including format string specifiers in\r\n an fwpostfix modprobe parameter, leading to improper construction of\r\n an error message. &#40;CVE-2013-2852&#41;\r\n \r\n The ftrace implementation in the Linux kernel before 3.8.8 allows\r\n local users to cause a denial of service &#40;NULL pointer dereference\r\n and system crash&#41; or possibly have unspecified other impact by\r\n leveraging the CAP_SYS_ADMIN capability for write access to the &#40;1&#41;\r\n set_ftrace_pid or &#40;2&#41; set_graph_function file, and then making an\r\n lseek system call. &#40;CVE-2013-3301&#41;\r\n \r\n The pciback_enable_msi function in the PCI backend driver\r\n &#40;drivers/xen/pciback/conf_space_capability_msi.c&#41; in Xen for the\r\n Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device\r\n access to cause a denial of service via a large number of kernel log\r\n messages. NOTE: some of these details are obtained from third party\r\n information. &#40;CVE-2013-0231&#41;\r\n \r\n The chase_port function in drivers/usb/serial/io_ti.c in the\r\n Linux kernel before 3.7.4 allows local users to cause a denial of\r\n service &#40;NULL pointer dereference and system crash&#41; via an attempted\r\n /dev/ttyUSB read or write operation on a disconnected Edgeport USB\r\n serial converter. &#40;CVE-2013-1774&#41;\r\n \r\n Heap-based buffer overflow in the iscsi_add_notunderstood_response\r\n function in drivers/target/iscsi/iscsi_target_parameters.c in the\r\n iSCSI target subsystem in the Linux kernel through 3.9.4 allows\r\n remote attackers to cause a denial of service &#40;memory corruption\r\n and OOPS&#41; or possibly execute arbitrary code via a long key that\r\n is not properly handled during construction of an error-response\r\n packet. &#40;CVE-2013-2850&#41;\r\n \r\n The updated packages provides a solution for these security issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 435865a49ae270fc37e81d1a03a7b574 mbs1/x86_64/cpupower-3.4.52-1.1.mbs1.x86_64.rpm\r\n ff1f8cf01c899a47b02f8257aa531026 mbs1/x86_64/kernel-firmware-3.4.52-1.1.mbs1.noarch.rpm\r\n 88f35a2dd3da9fa54c80689e9867edc7 mbs1/x86_64/kernel-headers-3.4.52-1.1.mbs1.x86_64.rpm\r\n 1d49db696ff5b5c75c8dc63f87bc02bc mbs1/x86_64/kernel-server-3.4.52-1.1.mbs1.x86_64.rpm\r\n d718fabb7c5503d536aa815535f44294 mbs1/x86_64/kernel-server-devel-3.4.52-1.1.mbs1.x86_64.rpm\r\n 7aa979aa1c26d51a8e1c3fdf22a6f076 mbs1/x86_64/kernel-source-3.4.52-1.mbs1.noarch.rpm\r\n 871b5453e7e2f65330c9748c4368886b mbs1/x86_64/lib64cpupower0-3.4.52-1.1.mbs1.x86_64.rpm\r\n 0826823b3c0ca675b5762df19171fd05 mbs1/x86_64/lib64cpupower-devel-3.4.52-1.1.mbs1.x86_64.rpm\r\n 8b859bb8ef426ab1d810bf238e3695df mbs1/x86_64/perf-3.4.52-1.1.mbs1.x86_64.rpm \r\n f89854b0909910f6d6e1c7a7153bec08 mbs1/SRPMS/cpupower-3.4.52-1.1.mbs1.src.rpm\r\n a4f26a06789df750207a45b9750978e5 mbs1/SRPMS/kernel-firmware-3.4.52-1.1.mbs1.src.rpm\r\n 761cd4ef33ea2e9de5c06812720c9ea1 mbs1/SRPMS/kernel-headers-3.4.52-1.1.mbs1.src.rpm\r\n 59cacb9eb2a781df3e7785078d6fd129 mbs1/SRPMS/kernel-server-3.4.52-1.1.mbs1.src.rpm\r\n f170b5ef3f2afe9ef213c981f82a47cd mbs1/SRPMS/kernel-source-3.4.52-1.mbs1.src.rpm\r\n 8058f28e41b2e7c05c5719853463cf34 mbs1/SRPMS/perf-3.4.52-1.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFR3o0wmqjQ0CJFipgRAo6CAKCWv16hAfjsyxOxBaLJrtDqI0YIawCdEFxp\r\nDKoOAlhqIBT4C0AuyxWYlIw=\r\n=beBr\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-07-15T00:00:00", "published": "2013-07-15T00:00:00", "id": "SECURITYVULNS:DOC:29561", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29561", "title": "[ MDVSA-2013:194 ] kernel", "type": "securityvulns", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "iSCSI memory corruption, multiple information leaks, DoS, Broadcom B43 driver privilege escalation.", "modified": "2013-07-15T00:00:00", "published": "2013-07-15T00:00:00", "id": "SECURITYVULNS:VULN:13100", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13100", "title": "Linux kernel security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:51", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. \n\nThe udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. \n\nThe ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. \n\nThe rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. \n\nThe ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. \n\nThe tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. \n\nThe rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. \n\nFormat string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. \n\nThe (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. \n\nThe vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. \n\nThe flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. \n\nnet/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. \n\nfs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. \n\nnet/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. \n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-headers-3.4.57-48.42.amzn1.i686 \n kernel-debuginfo-common-i686-3.4.57-48.42.amzn1.i686 \n kernel-tools-3.4.57-48.42.amzn1.i686 \n kernel-3.4.57-48.42.amzn1.i686 \n kernel-devel-3.4.57-48.42.amzn1.i686 \n kernel-debuginfo-3.4.57-48.42.amzn1.i686 \n kernel-tools-debuginfo-3.4.57-48.42.amzn1.i686 \n \n noarch: \n kernel-doc-3.4.57-48.42.amzn1.noarch \n \n src: \n kernel-3.4.57-48.42.amzn1.src \n \n x86_64: \n kernel-tools-debuginfo-3.4.57-48.42.amzn1.x86_64 \n kernel-tools-3.4.57-48.42.amzn1.x86_64 \n kernel-3.4.57-48.42.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.4.57-48.42.amzn1.x86_64 \n kernel-devel-3.4.57-48.42.amzn1.x86_64 \n kernel-headers-3.4.57-48.42.amzn1.x86_64 \n kernel-debuginfo-3.4.57-48.42.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T23:25:00", "published": "2014-09-15T23:25:00", "id": "ALAS-2013-218", "href": "https://alas.aws.amazon.com/ALAS-2013-218.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}