{"lastseen": "2019-05-29T18:36:56", "references": ["http://linux.oracle.com/errata/ELSA-2011-0498.html"], "scheme": null, "pluginID": "1361412562310122179", "description": "Oracle Linux Local Security Checks ELSA-2011-0498", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-0498", "type": "openvas", "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310840691", "OPENVAS:870632", "OPENVAS:1361412562310840671", "OPENVAS:1361412562310870632", "OPENVAS:840725", "OPENVAS:1361412562310122155", "OPENVAS:1361412562310122177", "OPENVAS:1361412562310840725", "OPENVAS:840691", "OPENVAS:840671"]}, {"type": "redhat", "idList": ["RHSA-2011:0498", "RHSA-2011:0500", "RHSA-2011:0833", "RHSA-2011:0927", "RHSA-2011:0330"]}, {"type": "nessus", "idList": ["SL_20110510_KERNEL_ON_SL6_X.NASL", "UBUNTU_USN-1160-1.NASL", "SUSE_11_KERNEL-110414.NASL", "ORACLELINUX_ELSA-2011-0833.NASL", "REDHAT-RHSA-2011-0498.NASL", "SUSE_11_KERNEL-110415.NASL", "CENTOS_RHSA-2011-0833.NASL", "UBUNTU_USN-1141-1.NASL", "ORACLELINUX_ELSA-2011-2015.NASL", "ORACLELINUX_ELSA-2011-0498.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0542", "ELSA-2011-1065", "ELSA-2011-0498", "ELSA-2011-2015", "ELSA-2011-0927", "ELSA-2011-0833"]}, {"type": "cve", "idList": ["CVE-2011-0726", "CVE-2011-0711", "CVE-2011-1019", "CVE-2011-1080", "CVE-2011-0712", "CVE-2011-1013", "CVE-2010-4250", "CVE-2010-4649", "CVE-2011-1573", "CVE-2011-1079"]}, {"type": "ubuntu", "idList": ["USN-1187-1", "USN-1159-1", "USN-1189-1", "USN-1162-1", "USN-1081-1", "USN-1141-1", "USN-1160-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26447"]}, {"type": "suse", "idList": ["SUSE-SA:2011:019", "SUSE-SA:2011:021"]}, {"type": "centos", "idList": ["CESA-2011:0927", "CESA-2011:0833"]}, {"type": "exploitdb", "idList": ["EDB-ID:35013"]}, {"type": "seebug", "idList": ["SSV:20512", "SSV:20537", "SSV:20536", "SSV:20357"]}], "modified": "2019-05-29T18:36:56", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:36:56", "rev": 2}, "vulnersScore": 7.1}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122179", "viewCount": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0498.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122179\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0498\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0498 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0498\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0498.html\");\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.29.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}

{"redhat": [{"lastseen": "2019-08-13T18:45:30", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4250", "CVE-2010-4565", "CVE-2010-4649", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1573"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity checks for\nthe Anti Aliasing (AA) resolve register values which could allow a local,\nunprivileged user to cause a denial of service or escalate their privileges\non systems using a graphics card from the ATI Radeon R300, R400, or R500\nfamily of cards. (CVE-2011-1016, Important)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of service\nif the sysctl \"net.sctp.addip_enable\" and \"auth_enable\" variables were\nturned on (they are off by default). (CVE-2011-1573, Important)\n\n* A memory leak in the inotify_init() system call. In some cases, it could\nleak a group, which could allow a local, unprivileged user to eventually\ncause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure element\nin bnep_sock_ioctl() could allow a local user to cause an information leak\nor a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network (CAN)\nBroadcast Manager implementation could allow a local, unprivileged user to\nleak kernel mode addresses in \"/proc/net/can-bcm\". (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement Architecture\n(IMA) implementation. When SELinux was disabled, adding an IMA rule which\nwas supposed to be processed by SELinux would cause ima_match_rules() to\nalways succeed, ignoring any remaining rules. (CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation could\nlead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN\ncapability to load arbitrary modules from \"/lib/modules/\", instead of only\nnetdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure element\nin do_replace() could allow a local user who has the CAP_NET_ADMIN\ncapability to cause an information leak. (CVE-2011-1080, Low)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and CVE-2011-0711;\nRafael Dominguez Vega for reporting CVE-2011-0712; and Kees Cook for\nreporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement. Documentation\nfor these changes will be available shortly from the Technical Notes\ndocument linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues, and fix the bugs and add the enhancement\nnoted in the Technical Notes. The system must be rebooted for this update\nto take effect.\n", "modified": "2018-06-06T20:24:11", "published": "2011-05-10T04:00:00", "id": "RHSA-2011:0498", "href": "https://access.redhat.com/errata/RHSA-2011:0498", "type": "redhat", "title": "(RHSA-2011:0498) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1013", "CVE-2011-1019", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A race condition in the way the Linux kernel's InfiniBand implementation\nset up new connections could allow a remote user to cause a denial of\nservice. (CVE-2011-0695, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause\na denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A missing validation of a null-terminated string data structure element\nin bnep_sock_ioctl() could allow a local user to cause an information leak\nor a denial of service. (CVE-2011-1079, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could\nlead to an information leak. (CVE-2011-0711, Low)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing validation check in the Linux kernel's mac_partition()\nimplementation, used for supporting file systems created on Mac OS\noperating systems, could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially-crafted partitions.\n(CVE-2011-1010, Low)\n\n* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN\ncapability to load arbitrary modules from \"/lib/modules/\", instead of only\nnetdev modules. (CVE-2011-1019, Low)\n\n* A missing initialization flaw in sco_sock_getsockopt_old() could allow a\nlocal, unprivileged user to cause an information leak. (CVE-2011-1078, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements\nin the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user\nwho has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, CVE-2011-1078,\nCVE-2011-1170, CVE-2011-1171, CVE-2011-1172, and CVE-2011-1080; Nelson\nElhage for reporting CVE-2011-1082; Dan Rosenberg for reporting\nCVE-2011-0711; Kees Cook for reporting CVE-2011-0726; and Timo Warns for\nreporting CVE-2011-1010 and CVE-2011-1163.\n\nThis update also fixes various bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version 2.6.33.9-rt31, and correct these issues. The system must\nbe rebooted for this update to take effect.\n", "modified": "2019-03-22T23:44:44", "published": "2011-05-10T04:00:00", "id": "RHSA-2011:0500", "href": "https://access.redhat.com/errata/RHSA-2011:0500", "type": "redhat", "title": "(RHSA-2011:0500) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was already\nclosed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause a\ndenial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element\nin the bnep_sock_ioctl() function could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen\nhypervisor implementation could allow a privileged guest user to cause the\nhost, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for\nthe upper boundary when getting a new event channel port. A privileged\nguest user could use this flaw to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could\nallow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element\nin the do_replace() function could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of service\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,\nCVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook\nfor reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163\nand CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n", "modified": "2017-09-08T12:14:44", "published": "2011-05-31T04:00:00", "id": "RHSA-2011:0833", "href": "https://access.redhat.com/errata/RHSA-2011:0833", "type": "redhat", "title": "(RHSA-2011:0833) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could\nallow a remote user to cause a denial of service. (CVE-2011-0695,\nImportant)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation\ncould allow a remote attacker to cause a denial of service if the sysctl\n\"net.sctp.addip_enable\" variable was turned on (it is off by default).\n(CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL\ncommands could allow a local, unprivileged user to cause a denial of\nservice or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\nImportant)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially-crafted packets to a target system, possibly causing a\ndenial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems that\nhave an Intel x86 processor with the Intel VT-x extension enabled.\n(CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\ncause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation. A\nlocal, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\nprocess and user IDs, to other processes. Note: This flaw does not allow\nexisting permission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting a\ndisk containing specially-crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space, possibly\nallowing local, unprivileged users to leak kernel stack memory to\nuser-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for\nreporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and\nCVE-2011-0711; Julien Tinnes of the Google Security Team for reporting\nCVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke\nand Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes\ndocument linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n", "modified": "2017-09-08T12:14:10", "published": "2011-07-15T04:00:00", "id": "RHSA-2011:0927", "href": "https://access.redhat.com/errata/RHSA-2011:0927", "type": "redhat", "title": "(RHSA-2011:0927) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-04T10:03:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3477", "CVE-2010-4160", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4165", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4250", "CVE-2010-4346", "CVE-2010-4347", "CVE-2010-4565", "CVE-2010-4648", "CVE-2010-4649", "CVE-2010-4655", "CVE-2010-4656", "CVE-2010-4668", "CVE-2011-0521", "CVE-2011-1044"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* Missing boundary checks in the PPP over L2TP sockets implementation could\nallow a local, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2010-4160, Important)\n\n* Integer overflow in ib_uverbs_poll_cq() could allow a local, unprivileged\nuser to cause a denial of service or escalate their privileges.\n(CVE-2010-4649, Important)\n\n* Missing boundary check in dvb_ca_ioctl() in the av7110 module. On systems\nusing old DVB cards requiring the av7110 module, a local, unprivileged user\ncould use this flaw to cause a denial of service or escalate their\nprivileges. (CVE-2011-0521, Important)\n\n* Flaw in tcf_act_police_dump() in the network traffic policing\nimplementation could allow a local, unprivileged user to cause an\ninformation leak. (CVE-2010-3477, Moderate)\n\n* Missing boundary checks in the block layer implementation could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2010-4162,\nCVE-2010-4163, CVE-2010-4668, Moderate)\n\n* Divide-by-zero flaw in tcp_select_initial_window() in the Linux kernel's\nTCP/IP protocol suite implementation could allow a local, unprivileged user\nto cause a denial of service. (CVE-2010-4165, Moderate)\n\n* NULL pointer dereference flaw in the Bluetooth HCI UART driver could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2010-4242, Moderate)\n\n* Flaw in the CPU time clocks implementation for the POSIX clock interface\ncould allow a local, unprivileged user to cause a denial of service.\n(CVE-2010-4248, Moderate)\n\n* Flaw in the garbage collector for AF_UNIX sockets could allow a local,\nunprivileged user to trigger a denial of service (out-of-memory condition).\n(CVE-2010-4249, Moderate)\n\n* Memory leak in the inotify_init() system call. In some cases, it could\nleak a group, which could allow a local, unprivileged user to eventually\ncause a denial of service. (CVE-2010-4250, Moderate)\n\n* /sys/kernel/debug/acpi/custom_method had world-writable permissions,\nwhich could allow a local, unprivileged user to escalate their privileges.\nNote: The debugfs file system must be mounted locally to exploit this\nissue. It is not mounted by default. (CVE-2010-4347, Moderate)\n\n* Heap overflow in iowarrior_write() could allow a user with access to an\nIO-Warrior USB device to cause a denial of service or escalate their\nprivileges. (CVE-2010-4656, Moderate)\n\n* Missing security check in the Linux kernel's implementation of the\ninstall_special_mapping routine could allow a local, unprivileged user to\nbypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)\n\n* Information leak in bcm_connect() in the Controller Area Network (CAN)\nBroadcast Manager implementation could allow a local, unprivileged user to\nleak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)\n\n* A logic error in orinoco_ioctl_set_auth() in the Linux kernel's ORiNOCO\nwireless extensions support implementation could render TKIP\ncountermeasures ineffective when it is enabled, as it enabled the card\ninstead of shutting it down. (CVE-2010-4648, Low)\n\n* Missing initialization flaw in ethtool_get_regs() could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2010-4655, Low)\n\n* Flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4160,\nCVE-2010-4162, CVE-2010-4163, CVE-2010-4668, and CVE-2010-4565; Steve Chen\nfor reporting CVE-2010-4165; Alan Cox for reporting CVE-2010-4242; Vegard\nNossum for reporting CVE-2010-4249 and CVE-2010-4250; Kees Cook for\nreporting CVE-2010-4656 and CVE-2010-4655; and Tavis Ormandy for reporting\nCVE-2010-4346.\n\nThis update also fixes three bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n", "modified": "2019-03-22T23:44:22", "published": "2011-03-10T05:00:00", "id": "RHSA-2011:0330", "href": "https://access.redhat.com/errata/RHSA-2011:0330", "type": "redhat", "title": "(RHSA-2011:0330) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-02T10:57:55", "description": "Check for the Version of kernel", "edition": 3, "published": "2012-06-06T00:00:00", "title": "RedHat Update for kernel RHSA-2011:0498-01", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2017-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870632", "id": "OPENVAS:870632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0498-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n\n * An integer signedness flaw in drm_modeset_ctl() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1013, Important)\n\n * The Radeon GPU drivers in the Linux kernel were missing sanity checks for\n the Anti Aliasing (AA) resolve register values which could allow a local,\n unprivileged user to cause a denial of service or escalate their privileges\n on systems using a graphics card from the ATI Radeon R300, R400, or R500\n family of cards. (CVE-2011-1016, Important)\n\n * A flaw in dccp_rcv_state_process() could allow a remote attacker to\n cause a denial of service, even when the socket was already closed.\n (CVE-2011-1093, Important)\n\n * A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)\n implementation could allow a remote attacker to cause a denial of service\n if the sysctl &quot;net.sctp.addip_enable&quot; and &quot;auth_enable&quot; variables were\n turned on (they are off by default). (CVE-2011-1573, Important)\n\n * A memory leak in the inotify_init() system call. In some cases, it could\n leak a group, which could allow a local, unprivileged user to eventually\n cause a denial of service. (CVE-2010-4250, Moderate)\n\n * A missing validation of a null-terminated string data structure element\n in bnep_sock_ioctl() could allow a local user to cause an information leak\n or a denial of service. (CVE-2011-1079, Moderate)\n\n * An information leak in bcm_connect() in the Controller Area Network (CAN)\n Broadcast Manager implementation could allow a local, unprivileged user to\n leak kernel mode addresses in &quot;/proc/net/can-bcm&quot;. (CVE-2010-4565, Low)\n\n * A flaw was found in the Linux kernel's Integrity Measurement Architecture\n (IMA) implementation. When SELinux was disabled, adding an IMA rule which\n was supposed to be processed by SELinux would cause ima_match_rules() to\n always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)\n\n * A missing initialization flaw in the XFS file system implementation could\n lead to an information leak. (CVE-2011-0711, Low)\n\n * Buffer overflow flaws in snd_usb_caiaq_audio_init() and\n snd_usb_caiaq_midi_init() could allow a l ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00008.html\");\n script_id(870632);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:37:21 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\",\n \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\",\n \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\",\n \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0498-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:0498-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "edition": 8, "published": "2012-06-06T00:00:00", "title": "RedHat Update for kernel RHSA-2011:0498-01", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0498-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870632\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:37:21 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\",\n \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\",\n \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\",\n \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0498-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:0498-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n\n * An integer signedness flaw in drm_modeset_ctl() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1013, Important)\n\n * The Radeon GPU drivers in the Linux kernel were missing sanity checks for\n the Anti Aliasing (AA) resolve register values which could allow a local,\n unprivileged user to cause a denial of service or escalate their privileges\n on systems using a graphics card from the ATI Radeon R300, R400, or R500\n family of cards. (CVE-2011-1016, Important)\n\n * A flaw in dccp_rcv_state_process() could allow a remote attacker to\n cause a denial of service, even when the socket was already closed.\n (CVE-2011-1093, Important)\n\n * A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)\n implementation could allow a remote attacker to cause a denial of service\n if the sysctl 'net.sctp.addip_enable' and 'auth_enable' variables were\n turned on (they are off by default). (CVE-2011-1573, Important)\n\n * A memory leak in the inotify_init() system call. In some cases, it could\n leak a group, which could allow a local, unprivileged user to eventually\n cause a denial of service. (CVE-2010-4250, Moderate)\n\n * A missing validation of a null-terminated string data structure element\n in bnep_sock_ioctl() could allow a local user to cause an information leak\n or a denial of service. (CVE-2011-1079, Moderate)\n\n * An information leak in bcm_connect() in the Controller Area Network (CAN)\n Broadcast Manager implementation could allow a local, unprivileged user to\n leak kernel mode addresses in '/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n * A flaw was found in the Linux kernel's Integrity Measurement Architecture\n (IMA) implementation. When SELinux was disabled, adding an IMA rule which\n was supposed to be processed by SELinux would cause ima_match_rules() to\n always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)\n\n * A missing initialization flaw in the XFS file system implementation could\n lead to an information leak. (CVE-2011-0711, Low)\n\n * Buffer overflow flaws in snd_usb_caiaq_audio_init() and\n snd_usb_caiaq_midi_init() could allow a l ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~71.29.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "description": "Oracle Linux Local Security Checks ELSA-2011-2015", "edition": 6, "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-2015", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122177", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2015.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122177\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:18 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2015\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2015 - Oracle Linux 6 Unbreakable Enterprise kernel security fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2015\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2015.html\");\n script_cve_id(\"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.15.el5~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.15.el5debug~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1141-1", "edition": 4, "published": "2011-06-06T00:00:00", "title": "Ubuntu Update for linux USN-1141-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840671", "id": "OPENVAS:840671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1141_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n \n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n \n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n \n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase\n the chances of a successful memory corruption exploit. (CVE-2010-4565)\n \n Kees Cook discovered that the IOWarrior USB device driver did not\n correctly check certain size fields. A local attacker with physical\n access could plug in a specially crafted USB device to crash the system\n or potentially gain root privileges. (CVE-2010-4656)\n \n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss\n of privacy. (CVE-2011-0463)\n \n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n \n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n \n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash\n the system or potentially gain root privileges. (CVE-2011-0712)\n \n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the mem ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1141-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1141-1/\");\n script_id(840671);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1141-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1182\");\n script_name(\"Ubuntu Update for linux USN-1141-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-316-ec2\", ver:\"2.6.32-316.31\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-386\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic-pae\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-ia64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-lpia\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-preempt\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-server\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-versatile\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-virtual\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-08T14:23:48", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1141-1", "edition": 9, "published": "2011-06-06T00:00:00", "title": "Ubuntu Update for linux USN-1141-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1141_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1141-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840671\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1141-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1182\");\n script_name(\"Ubuntu Update for linux USN-1141-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1141-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n\n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n\n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase\n the chances of a successful memory corruption exploit. (CVE-2010-4565)\n\n Kees Cook discovered that the IOWarrior USB device driver did not\n correctly check certain size fields. A local attacker with physical\n access could plug in a specially crafted USB device to crash the system\n or potentially gain root privileges. (CVE-2010-4656)\n\n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss\n of privacy. (CVE-2011-0463)\n\n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n\n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n\n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash\n the system or potentially gain root privileges. (CVE-2011-0712)\n\n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the mem ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-316-ec2\", ver:\"2.6.32-316.31\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-386\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic-pae\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-ia64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-lpia\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-preempt\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-server\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-versatile\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-virtual\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:47", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1160-1", "edition": 4, "published": "2011-07-08T00:00:00", "title": "Ubuntu Update for linux USN-1160-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1495", "CVE-2011-1169", "CVE-2011-1013", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840691", "id": "OPENVAS:840691", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1160_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1160-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase the\n chances of a successful memory corruption exploit. (CVE-2010-4565)\n \n Kees Cook discovered that the IOWarrior USB device driver did not correctly\n check certain size fields. A local attacker with physical access could plug\n in a specially crafted USB device to crash the system or potentially gain\n root privileges. (CVE-2010-4656)\n \n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n \n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n \n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n \n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n \n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash the\n system or potentially gain root privileges. (CVE-2011-0712)\n \n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n \n Timo Warns discovered that MAC partition parsing routines did not correctly\n calculate block counts. A local attacker with physical access could plug in\n a specially crafted block device to crash the system or potentially gain\n root privileges. (CVE-2011-1010)\n \n Timo Warns discovered that LDM partition parsing routines did not correctly\n calculate block counts. A local attac ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1160-1\";\ntag_affected = \"linux on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1160-1/\");\n script_id(840691);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1160-1\");\n script_cve_id(\"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1169\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1748\");\n script_name(\"Ubuntu Update for linux USN-1160-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1160-1", "edition": 8, "published": "2011-07-08T00:00:00", "title": "Ubuntu Update for linux USN-1160-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1495", "CVE-2011-1169", "CVE-2011-1013", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840691", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1160_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1160-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1160-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840691\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1160-1\");\n script_cve_id(\"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1169\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1748\");\n script_name(\"Ubuntu Update for linux USN-1160-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1160-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase the\n chances of a successful memory corruption exploit. (CVE-2010-4565)\n\n Kees Cook discovered that the IOWarrior USB device driver did not correctly\n check certain size fields. A local attacker with physical access could plug\n in a specially crafted USB device to crash the system or potentially gain\n root privileges. (CVE-2010-4656)\n\n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n\n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n\n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash the\n system or potentially gain root privileges. (CVE-2011-0712)\n\n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n\n Timo Warns discovered that MAC partition parsing routines did not correctly\n calculate block counts. A local attacker with physical access could plug in\n a specially crafted block device to crash the system or potentially gain\n root privileges. (CVE-2011-1010)\n\n Timo Warns discovered that LDM partition parsing routines did not correctly\n calculate block counts. A local attac ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.54\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:59", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1189-1", "edition": 4, "published": "2011-08-24T00:00:00", "title": "Ubuntu Update for linux USN-1189-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2492", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1080"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840725", "id": "OPENVAS:840725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1189_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1189-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n \n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n \n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n \n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n \n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n \n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n \n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1189-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1189-1/\");\n script_id(840725);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-24 09:14:07 +0200 (Wed, 24 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1189-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\");\n script_name(\"Ubuntu Update for linux USN-1189-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1189-1", "edition": 7, "published": "2011-08-24T00:00:00", "title": "Ubuntu Update for linux USN-1189-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2492", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1080"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1189_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1189-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1189-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840725\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-24 09:14:07 +0200 (Wed, 24 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1189-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\");\n script_name(\"Ubuntu Update for linux USN-1189-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1189-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2011-0833", "edition": 7, "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-0833", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122155", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0833.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122155\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0833\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0833 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0833\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0833.html\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5PAE~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5debug~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5xen~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-09-14T18:22:05", "description": "Security fixes :\n\n - An integer overflow flaw in ib_uverbs_poll_cq() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2010-4649,\n Important)\n\n - An integer signedness flaw in drm_modeset_ctl() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1013,\n Important)\n\n - The Radeon GPU drivers in the Linux kernel were missing\n sanity checks for the Anti Aliasing (AA) resolve\n register values which could allow a local, unprivileged\n user to cause a denial of service or escalate their\n privileges on systems using a graphics card from the ATI\n Radeon R300, R400, or R500 family of cards.\n (CVE-2011-1016, Important)\n\n - A flaw in dccp_rcv_state_process() could allow a remote\n attacker to cause a denial of service, even when the\n socket was already closed. (CVE-2011-1093, Important)\n\n - A flaw in the Linux kernel's Stream Control Transmission\n Protocol (SCTP) implementation could allow a remote\n attacker to cause a denial of service if the sysctl\n 'net.sctp.addip_enable' and 'auth_enable' variables were\n turned on (they are off by default). (CVE-2011-1573,\n Important)\n\n - A memory leak in the inotify_init() system call. In some\n cases, it could leak a group, which could allow a local,\n unprivileged user to eventually cause a denial of\n service. (CVE-2010-4250, Moderate)\n\n - A missing validation of a null-terminated string data\n structure element in bnep_sock_ioctl() could allow a\n local user to cause an information leak or a denial of\n service. (CVE-2011-1079, Moderate)\n\n - An information leak in bcm_connect() in the Controller\n Area Network (CAN) Broadcast Manager implementation\n could allow a local, unprivileged user to leak kernel\n mode addresses in '/proc/net/can-bcm'. (CVE-2010-4565,\n Low)\n\n - A flaw was found in the Linux kernel's Integrity\n Measurement Architecture (IMA) implementation. When\n SELinux was disabled, adding an IMA rule which was\n supposed to be processed by SELinux would cause\n ima_match_rules() to always succeed, ignoring any\n remaining rules. (CVE-2011-0006, Low)\n\n - A missing initialization flaw in the XFS file system\n implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - Buffer overflow flaws in snd_usb_caiaq_audio_init() and\n snd_usb_caiaq_midi_init() could allow a local,\n unprivileged user with access to a Native Instruments\n USB audio device to cause a denial of service or\n escalate their privileges. (CVE-2011-0712, Low)\n\n - The start_code and end_code values in '/proc/[pid]/stat'\n were not protected. In certain scenarios, this flaw\n could be used to defeat Address Space Layout\n Randomization (ASLR). (CVE-2011-0726, Low)\n\n - A flaw in dev_load() could allow a local user who has\n the CAP_NET_ADMIN capability to load arbitrary modules\n from '/lib/modules/', instead of only netdev modules.\n (CVE-2011-1019, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation of a null-terminated string data\n structure element in do_replace() could allow a local\n user who has the CAP_NET_ADMIN capability to cause an\n information leak. (CVE-2011-1080, Low)\n\nThis update also fixes various bugs.\n\nThis update also adds an enhancement.\n\n - This update provides VLAN null tagging support (VLAN ID\n 0 can be used in tags).\n\nThe system must be rebooted for this update to take effect.", "edition": 20, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110510_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61035", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61035);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes :\n\n - An integer overflow flaw in ib_uverbs_poll_cq() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2010-4649,\n Important)\n\n - An integer signedness flaw in drm_modeset_ctl() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1013,\n Important)\n\n - The Radeon GPU drivers in the Linux kernel were missing\n sanity checks for the Anti Aliasing (AA) resolve\n register values which could allow a local, unprivileged\n user to cause a denial of service or escalate their\n privileges on systems using a graphics card from the ATI\n Radeon R300, R400, or R500 family of cards.\n (CVE-2011-1016, Important)\n\n - A flaw in dccp_rcv_state_process() could allow a remote\n attacker to cause a denial of service, even when the\n socket was already closed. (CVE-2011-1093, Important)\n\n - A flaw in the Linux kernel's Stream Control Transmission\n Protocol (SCTP) implementation could allow a remote\n attacker to cause a denial of service if the sysctl\n 'net.sctp.addip_enable' and 'auth_enable' variables were\n turned on (they are off by default). (CVE-2011-1573,\n Important)\n\n - A memory leak in the inotify_init() system call. In some\n cases, it could leak a group, which could allow a local,\n unprivileged user to eventually cause a denial of\n service. (CVE-2010-4250, Moderate)\n\n - A missing validation of a null-terminated string data\n structure element in bnep_sock_ioctl() could allow a\n local user to cause an information leak or a denial of\n service. (CVE-2011-1079, Moderate)\n\n - An information leak in bcm_connect() in the Controller\n Area Network (CAN) Broadcast Manager implementation\n could allow a local, unprivileged user to leak kernel\n mode addresses in '/proc/net/can-bcm'. (CVE-2010-4565,\n Low)\n\n - A flaw was found in the Linux kernel's Integrity\n Measurement Architecture (IMA) implementation. When\n SELinux was disabled, adding an IMA rule which was\n supposed to be processed by SELinux would cause\n ima_match_rules() to always succeed, ignoring any\n remaining rules. (CVE-2011-0006, Low)\n\n - A missing initialization flaw in the XFS file system\n implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - Buffer overflow flaws in snd_usb_caiaq_audio_init() and\n snd_usb_caiaq_midi_init() could allow a local,\n unprivileged user with access to a Native Instruments\n USB audio device to cause a denial of service or\n escalate their privileges. (CVE-2011-0712, Low)\n\n - The start_code and end_code values in '/proc/[pid]/stat'\n were not protected. In certain scenarios, this flaw\n could be used to defeat Address Space Layout\n Randomization (ASLR). (CVE-2011-0726, Low)\n\n - A flaw in dev_load() could allow a local user who has\n the CAP_NET_ADMIN capability to load arbitrary modules\n from '/lib/modules/', instead of only netdev modules.\n (CVE-2011-1019, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation of a null-terminated string data\n structure element in do_replace() could allow a local\n user who has the CAP_NET_ADMIN capability to cause an\n information leak. (CVE-2011-1080, Low)\n\nThis update also fixes various bugs.\n\nThis update also adds an enhancement.\n\n - This update provides VLAN null tagging support (VLAN ID\n 0 can be used in tags).\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1105&L=scientific-linux-errata&T=0&P=857\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?927fa090\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-71.29.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T17:38:24", "description": "Updated kernel packages that fix several security issues, various\nbugs, and add an enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity\nchecks for the Anti Aliasing (AA) resolve register values which could\nallow a local, unprivileged user to cause a denial of service or\nescalate their privileges on systems using a graphics card from the\nATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016,\nImportant)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol\n(SCTP) implementation could allow a remote attacker to cause a denial\nof service if the sysctl 'net.sctp.addip_enable' and 'auth_enable'\nvariables were turned on (they are off by default). (CVE-2011-1573,\nImportant)\n\n* A memory leak in the inotify_init() system call. In some cases, it\ncould leak a group, which could allow a local, unprivileged user to\neventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure\nelement in bnep_sock_ioctl() could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network\n(CAN) Broadcast Manager implementation could allow a local,\nunprivileged user to leak kernel mode addresses in\n'/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement\nArchitecture (IMA) implementation. When SELinux was disabled, adding\nan IMA rule which was supposed to be processed by SELinux would cause\nima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the\nCAP_NET_ADMIN capability to load arbitrary modules from\n'/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in do_replace() could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080,\nLow)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and\nCVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and\nKees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.", "edition": 23, "published": "2011-05-11T00:00:00", "title": "RHEL 6 : kernel (RHSA-2011:0498)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/53867", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0498. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53867);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_bugtraq_id(46417, 46419, 46488, 46557, 46616, 46793, 47308, 47639, 47792);\n script_xref(name:\"RHSA\", value:\"2011:0498\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:0498)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add an enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity\nchecks for the Anti Aliasing (AA) resolve register values which could\nallow a local, unprivileged user to cause a denial of service or\nescalate their privileges on systems using a graphics card from the\nATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016,\nImportant)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol\n(SCTP) implementation could allow a remote attacker to cause a denial\nof service if the sysctl 'net.sctp.addip_enable' and 'auth_enable'\nvariables were turned on (they are off by default). (CVE-2011-1573,\nImportant)\n\n* A memory leak in the inotify_init() system call. In some cases, it\ncould leak a group, which could allow a local, unprivileged user to\neventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure\nelement in bnep_sock_ioctl() could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network\n(CAN) Broadcast Manager implementation could allow a local,\nunprivileged user to leak kernel mode addresses in\n'/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement\nArchitecture (IMA) implementation. When SELinux was disabled, adding\nan IMA rule which was supposed to be processed by SELinux would cause\nima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the\nCAP_NET_ADMIN capability to load arbitrary modules from\n'/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in do_replace() could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080,\nLow)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and\nCVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and\nKees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1573\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0498\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0498\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0498\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perf-2.6.32-71.29.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T17:17:58", "description": "From Red Hat Security Advisory 2011:0498 :\n\nUpdated kernel packages that fix several security issues, various\nbugs, and add an enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity\nchecks for the Anti Aliasing (AA) resolve register values which could\nallow a local, unprivileged user to cause a denial of service or\nescalate their privileges on systems using a graphics card from the\nATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016,\nImportant)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol\n(SCTP) implementation could allow a remote attacker to cause a denial\nof service if the sysctl 'net.sctp.addip_enable' and 'auth_enable'\nvariables were turned on (they are off by default). (CVE-2011-1573,\nImportant)\n\n* A memory leak in the inotify_init() system call. In some cases, it\ncould leak a group, which could allow a local, unprivileged user to\neventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure\nelement in bnep_sock_ioctl() could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network\n(CAN) Broadcast Manager implementation could allow a local,\nunprivileged user to leak kernel mode addresses in\n'/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement\nArchitecture (IMA) implementation. When SELinux was disabled, adding\nan IMA rule which was supposed to be processed by SELinux would cause\nima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the\nCAP_NET_ADMIN capability to load arbitrary modules from\n'/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in do_replace() could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080,\nLow)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and\nCVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and\nKees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.", "edition": 19, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2011-0498)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware"], "id": "ORACLELINUX_ELSA-2011-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/68273", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0498 and \n# Oracle Linux Security Advisory ELSA-2011-0498 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68273);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_bugtraq_id(46417, 46419, 46488, 46557, 46616, 46793, 47308, 47639, 47792);\n script_xref(name:\"RHSA\", value:\"2011:0498\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-0498)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0498 :\n\nUpdated kernel packages that fix several security issues, various\nbugs, and add an enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity\nchecks for the Anti Aliasing (AA) resolve register values which could\nallow a local, unprivileged user to cause a denial of service or\nescalate their privileges on systems using a graphics card from the\nATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016,\nImportant)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol\n(SCTP) implementation could allow a remote attacker to cause a denial\nof service if the sysctl 'net.sctp.addip_enable' and 'auth_enable'\nvariables were turned on (they are off by default). (CVE-2011-1573,\nImportant)\n\n* A memory leak in the inotify_init() system call. In some cases, it\ncould leak a group, which could allow a local, unprivileged user to\neventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure\nelement in bnep_sock_ioctl() could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network\n(CAN) Broadcast Manager implementation could allow a local,\nunprivileged user to leak kernel mode addresses in\n'/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement\nArchitecture (IMA) implementation. When SELinux was disabled, adding\nan IMA rule which was supposed to be processed by SELinux would cause\nima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the\nCAP_NET_ADMIN capability to load arbitrary modules from\n'/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in do_replace() could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080,\nLow)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and\nCVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and\nKees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002136.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0498\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-71.29.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T17:18:09", "description": "Description of changes:\n\n[2.6.32-100.28.15.el6]\n- sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set \n{CVE-2011-1573}\n- dccp: fix oops on Reset after close {CVE-2011-1093}\n- bridge: netfilter: fix information leak {CVE-2011-1080}\n- Bluetooth: bnep: fix buffer overflow \n- net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules \n{CVE-2011-1019}\n- ipip: add module alias for tunl0 tunnel device\n- gre: add module alias for gre0 tunnel device\n- drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016}\n- drm/radeon: fix regression with AA resolve checking {CVE-2011-1016}\n- drm: fix unsigned vs signed comparison issue in modeset ctl ioctl \n{CVE-2011-1013}\n- proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726}\n- ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712}\n- xfs: zero proper structure size for geometry calls {CVE-2011-0711}\n- xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 \n{CVE-2011-0711}\n- ima: fix add LSM rule bug {CVE-2011-0006}\n- IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, \nCVE-2011-1044}\n- CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565}\n\n[2.6.32-100.28.14.el6]\n- IB/qib: fix qib compile warning.\n- IB/core: Allow device-specific per-port sysfs files.\n- dm crypt: add plain64 iv.\n- firmware: add firmware for qib.\n- Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.", "edition": 19, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5debug", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2011-2015.NASL", "href": "https://www.tenable.com/plugins/nessus/68416", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2015.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68416);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.32-100.28.15.el6]\n- sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set \n{CVE-2011-1573}\n- dccp: fix oops on Reset after close {CVE-2011-1093}\n- bridge: netfilter: fix information leak {CVE-2011-1080}\n- Bluetooth: bnep: fix buffer overflow \n- net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules \n{CVE-2011-1019}\n- ipip: add module alias for tunl0 tunnel device\n- gre: add module alias for gre0 tunnel device\n- drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016}\n- drm/radeon: fix regression with AA resolve checking {CVE-2011-1016}\n- drm: fix unsigned vs signed comparison issue in modeset ctl ioctl \n{CVE-2011-1013}\n- proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726}\n- ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712}\n- xfs: zero proper structure size for geometry calls {CVE-2011-0711}\n- xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 \n{CVE-2011-0711}\n- ima: fix add LSM rule bug {CVE-2011-0006}\n- IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, \nCVE-2011-1044}\n- CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565}\n\n[2.6.32-100.28.14.el6]\n- IB/qib: fix qib compile warning.\n- IB/core: Allow device-specific per-port sysfs files.\n- dm crypt: add plain64 iv.\n- firmware: add firmware for qib.\n- Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002135.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-2015\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-debug-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-devel-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-doc-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-headers-2.6.32-100.28.15.el5\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"ofa-2.6.32-100.28.15.el5-1.5.1-4.0.28\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"ofa-2.6.32-100.28.15.el5debug-1.5.1-4.0.28\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-2.6.32-100.28.15.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-headers-2.6.32-100.28.15.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T19:09:56", "description": "Brad Spengler discovered that the kernel did not correctly account for\nuserspace memory allocations during exec() calls. A local attacker\ncould exploit this to consume all system memory, leading to a denial\nof service. (CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did\nnot correctly handle certain configurations. If such a device was\nconfigured without VLANs, a remote attacker could crash the system,\nleading to a denial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory.\nA local attacker could make crafted ioctl calls to leak portions of\nkernel stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\ndriver did not correctly validate string lengths. A local attacker\nwith physical access could plug in a specially crafted USB device to\ncrash the system or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter\ncertain memory locations. A local attacker could determine the memory\nlayout of processes in an attempt to increase the chances of a\nsuccessful memory corruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem or potentially gain root privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not\ncorrectly handle a signed comparison. A local attacker could exploit\nthis to crash the system or possibly gain root privileges.\n(CVE-2011-1013)\n\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\nvalidate certain registers. On systems with specific hardware, a local\nattacker could exploit this to write to arbitrary video memory.\n(CVE-2011-1016)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\ncapability could load existing kernel modules, possibly increasing the\nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly\nhandle certain structures. A local attacker could create malicious\nrequests that would hang the system, leading to a denial of service.\n(CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check\ncertain strings copied from userspace. A local attacker with netfilter\naccess could exploit this to read kernel memory or crash the system,\nleading to a denial of service. (CVE-2011-1170, CVE-2011-1171,\nCVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver\ndid not correctly initialize memory. A remote attacker could send\nspecially crafted traffic to read kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). A local attacker could exploit this\nto send signals to arbitrary threads, possibly bypassing expected\nrestrictions. (CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI\ninterface. A local attacker on non-x86 systems might be able to cause\na denial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System)\ndriver for Yamaha FM synthesizer chips. A local user can exploit this\nto cause memory corruption, causing a denial of service or privilege\nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker\ncould use this flaw to cause a denial of service if the system has an\nactive wireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events\nmay raise a performance monitor exception. A local attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used\nby amateur radio. A local user or a remote user on an X.25 network\ncould exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2011-06-13T00:00:00", "title": "Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1083", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1573", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2010-4263", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-4913", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"], "id": "UBUNTU_USN-1141-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55104", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1141-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55104);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1478\", \"CVE-2011-1573\", \"CVE-2011-2534\", \"CVE-2011-3359\", \"CVE-2011-4611\", \"CVE-2011-4913\");\n script_bugtraq_id(44661, 45004, 45208, 45321, 45556, 45986, 46069, 46419, 46492, 46512, 46557, 46630, 46839, 47003, 47116, 47639, 47791, 47792);\n script_xref(name:\"USN\", value:\"1141-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brad Spengler discovered that the kernel did not correctly account for\nuserspace memory allocations during exec() calls. A local attacker\ncould exploit this to consume all system memory, leading to a denial\nof service. (CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did\nnot correctly handle certain configurations. If such a device was\nconfigured without VLANs, a remote attacker could crash the system,\nleading to a denial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory.\nA local attacker could make crafted ioctl calls to leak portions of\nkernel stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\ndriver did not correctly validate string lengths. A local attacker\nwith physical access could plug in a specially crafted USB device to\ncrash the system or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter\ncertain memory locations. A local attacker could determine the memory\nlayout of processes in an attempt to increase the chances of a\nsuccessful memory corruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem or potentially gain root privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not\ncorrectly handle a signed comparison. A local attacker could exploit\nthis to crash the system or possibly gain root privileges.\n(CVE-2011-1013)\n\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\nvalidate certain registers. On systems with specific hardware, a local\nattacker could exploit this to write to arbitrary video memory.\n(CVE-2011-1016)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\ncapability could load existing kernel modules, possibly increasing the\nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly\nhandle certain structures. A local attacker could create malicious\nrequests that would hang the system, leading to a denial of service.\n(CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check\ncertain strings copied from userspace. A local attacker with netfilter\naccess could exploit this to read kernel memory or crash the system,\nleading to a denial of service. (CVE-2011-1170, CVE-2011-1171,\nCVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver\ndid not correctly initialize memory. A remote attacker could send\nspecially crafted traffic to read kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). A local attacker could exploit this\nto send signals to arbitrary threads, possibly bypassing expected\nrestrictions. (CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI\ninterface. A local attacker on non-x86 systems might be able to cause\na denial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System)\ndriver for Yamaha FM synthesizer chips. A local user can exploit this\nto cause memory corruption, causing a denial of service or privilege\nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker\ncould use this flaw to cause a denial of service if the system has an\nactive wireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events\nmay raise a performance monitor exception. A local attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used\nby amateur radio. A local user or a remote user on an X.25 network\ncould exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1141-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1478\", \"CVE-2011-1573\", \"CVE-2011-2534\", \"CVE-2011-3359\", \"CVE-2011-4611\", \"CVE-2011-4913\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1141-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-316-ec2\", pkgver:\"2.6.32-316.31\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-386\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-generic\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-generic-pae\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-lpia\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-preempt\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-server\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-versatile\", pkgver:\"2.6.32-32.62\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-32-virtual\", pkgver:\"2.6.32-32.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-ec2 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T19:09:58", "description": "Dan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory.\nA local attacker could make crafted ioctl calls to leak portions of\nkernel stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\ndriver did not correctly validate string lengths. A local attacker\nwith physical access could plug in a specially crafted USB device to\ncrash the system or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter\ncertain memory locations. A local attacker could determine the memory\nlayout of processes in an attempt to increase the chances of a\nsuccessful memory corruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem or potentially gain root privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not\ncorrectly handle a signed comparison. A local attacker could exploit\nthis to crash the system or possibly gain root privileges.\n(CVE-2011-1013)\n\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\nvalidate certain registers. On systems with specific hardware, a local\nattacker could exploit this to write to arbitrary video memory.\n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\ncapability could load existing kernel modules, possibly increasing the\nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly\nhandle certain structures. A local attacker could create malicious\nrequests that would hang the system, leading to a denial of service.\n(CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly\ncheck the adapter index during ioctl calls. If this driver was loaded,\na local attacker could make a specially crafted ioctl call to gain\nroot privileges. (CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check\ncertain strings copied from userspace. A local attacker with netfilter\naccess could exploit this to read kernel memory or crash the system,\nleading to a denial of service. (CVE-2011-1170, CVE-2011-1171,\nCVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver\ndid not correctly initialize memory. A remote attacker could send\nspecially crafted traffic to read kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). A local attacker could exploit this\nto send signals to arbitrary threads, possibly bypassing expected\nrestrictions. (CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI\ninterface. A local attacker on non-x86 systems might be able to cause\na denial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System)\ndriver for Yamaha FM synthesizer chips. A local user can exploit this\nto cause memory corruption, causing a denial of service or privilege\nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. (CVE-2011-1748)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker\ncould use this flaw to cause a denial of service if the system has an\nactive wireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events\nmay raise a performance monitor exception. A local attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used\nby amateur radio. A local user or a remote user on an X.25 network\ncould exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2011-06-29T00:00:00", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1495", "CVE-2011-1169", "CVE-2011-4913", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"], "id": "UBUNTU_USN-1160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1160-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55454);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1478\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1748\", \"CVE-2011-2022\", \"CVE-2011-2534\", \"CVE-2011-3359\", \"CVE-2011-4611\", \"CVE-2011-4913\");\n script_bugtraq_id(44661, 45556, 45986, 46069, 46417, 46419, 46492, 46512, 46839, 47116, 47791);\n script_xref(name:\"USN\", value:\"1160-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory.\nA local attacker could make crafted ioctl calls to leak portions of\nkernel stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\ndriver did not correctly validate string lengths. A local attacker\nwith physical access could plug in a specially crafted USB device to\ncrash the system or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter\ncertain memory locations. A local attacker could determine the memory\nlayout of processes in an attempt to increase the chances of a\nsuccessful memory corruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem or potentially gain root privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not\ncorrectly calculate block counts. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not\ncorrectly handle a signed comparison. A local attacker could exploit\nthis to crash the system or possibly gain root privileges.\n(CVE-2011-1013)\n\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\nvalidate certain registers. On systems with specific hardware, a local\nattacker could exploit this to write to arbitrary video memory.\n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\ncapability could load existing kernel modules, possibly increasing the\nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly\nhandle certain structures. A local attacker could create malicious\nrequests that would hang the system, leading to a denial of service.\n(CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly\ncheck the adapter index during ioctl calls. If this driver was loaded,\na local attacker could make a specially crafted ioctl call to gain\nroot privileges. (CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check\ncertain strings copied from userspace. A local attacker with netfilter\naccess could exploit this to read kernel memory or crash the system,\nleading to a denial of service. (CVE-2011-1170, CVE-2011-1171,\nCVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver\ndid not correctly initialize memory. A remote attacker could send\nspecially crafted traffic to read kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). A local attacker could exploit this\nto send signals to arbitrary threads, possibly bypassing expected\nrestrictions. (CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI\ninterface. A local attacker on non-x86 systems might be able to cause\na denial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System)\ndriver for Yamaha FM synthesizer chips. A local user can exploit this\nto cause memory corruption, causing a denial of service or privilege\nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. (CVE-2011-1748)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker\ncould use this flaw to cause a denial of service if the system has an\nactive wireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events\nmay raise a performance monitor exception. A local attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used\nby amateur radio. A local user or a remote user on an X.25 network\ncould exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1160-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1478\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1748\", \"CVE-2011-2022\", \"CVE-2011-2534\", \"CVE-2011-3359\", \"CVE-2011-4611\", \"CVE-2011-4913\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1160-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-generic\", pkgver:\"2.6.35-30.54\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-generic-pae\", pkgver:\"2.6.35-30.54\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-server\", pkgver:\"2.6.35-30.54\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-versatile\", pkgver:\"2.6.35-30.54\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-virtual\", pkgver:\"2.6.35-30.54\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T13:17:00", "description": "Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 23, "published": "2013-06-29T00:00:00", "title": "CentOS 5 : kernel (CESA-2011:0833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-xen-devel", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-headers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2011-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/67081", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0833 and \n# CentOS Errata and Security Advisory 2011:0833 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67081);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_bugtraq_id(46616, 46793, 46878, 46919, 47185, 47343, 47791, 48048);\n script_xref(name:\"RHSA\", value:\"2011:0833\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:0833)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ad5c8d8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017610.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d109830b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T17:17:59", "description": "From Red Hat Security Advisory 2011:0833 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : kernel (ELSA-2011-0833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-PAE", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-xen-devel", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-xen"], "id": "ORACLELINUX_ELSA-2011-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/68276", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0833 and \n# Oracle Linux Security Advisory ELSA-2011-0833 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68276);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_bugtraq_id(46616, 46793, 46878, 46919, 47185, 47343, 47791, 48048);\n script_xref(name:\"RHSA\", value:\"2011:0833\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-0833)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0833 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-June/002158.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0833\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T18:22:07", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A flaw in the dccp_rcv_state_process() function could\n allow a remote attacker to cause a denial of service,\n even when the socket was already closed. (CVE-2011-1093,\n Important)\n\n - Multiple buffer overflow flaws were found in the Linux\n kernel's Management Module Support for Message Passing\n Technology (MPT) based controllers. A local,\n unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate\n their privileges. (CVE-2011-1494, CVE-2011-1495,\n Important)\n\n - A missing validation of a null-terminated string data\n structure element in the bnep_sock_ioctl() function\n could allow a local user to cause an information leak or\n a denial of service. (CVE-2011-1079, Moderate)\n\n - Missing error checking in the way page tables were\n handled in the Xen hypervisor implementation could allow\n a privileged guest user to cause the host, and the\n guests, to lock up. (CVE-2011-1166, Moderate)\n\n - A flaw was found in the way the Xen hypervisor\n implementation checked for the upper boundary when\n getting a new event channel port. A privileged guest\n user could use this flaw to cause a denial of service or\n escalate their privileges. (CVE-2011-1763, Moderate)\n\n - The start_code and end_code values in '/proc/[pid]/stat'\n were not protected. In certain scenarios, this flaw\n could be used to defeat Address Space Layout\n Randomization (ASLR). (CVE-2011-0726, Low)\n\n - A missing initialization flaw in the\n sco_sock_getsockopt() function could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n - A missing validation of a null-terminated string data\n structure element in the do_replace() function could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. (CVE-2011-1080, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition\n implementation in the Linux kernel could allow a local\n attacker to cause an information leak by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data\n structure elements in the do_replace(),\n compat_do_replace(), do_ipt_get_ctl(),\n do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n - A heap overflow flaw in the Linux kernel's EFI GUID\n Partition Table (GPT) implementation could allow a local\n attacker to cause a denial of service by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1577, Low)\n\nThis update also fixes several bugs.\n\nThe system must be rebooted for this update to take effect.", "edition": 20, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2020-09-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110531_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61059", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61059);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A flaw in the dccp_rcv_state_process() function could\n allow a remote attacker to cause a denial of service,\n even when the socket was already closed. (CVE-2011-1093,\n Important)\n\n - Multiple buffer overflow flaws were found in the Linux\n kernel's Management Module Support for Message Passing\n Technology (MPT) based controllers. A local,\n unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate\n their privileges. (CVE-2011-1494, CVE-2011-1495,\n Important)\n\n - A missing validation of a null-terminated string data\n structure element in the bnep_sock_ioctl() function\n could allow a local user to cause an information leak or\n a denial of service. (CVE-2011-1079, Moderate)\n\n - Missing error checking in the way page tables were\n handled in the Xen hypervisor implementation could allow\n a privileged guest user to cause the host, and the\n guests, to lock up. (CVE-2011-1166, Moderate)\n\n - A flaw was found in the way the Xen hypervisor\n implementation checked for the upper boundary when\n getting a new event channel port. A privileged guest\n user could use this flaw to cause a denial of service or\n escalate their privileges. (CVE-2011-1763, Moderate)\n\n - The start_code and end_code values in '/proc/[pid]/stat'\n were not protected. In certain scenarios, this flaw\n could be used to defeat Address Space Layout\n Randomization (ASLR). (CVE-2011-0726, Low)\n\n - A missing initialization flaw in the\n sco_sock_getsockopt() function could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n - A missing validation of a null-terminated string data\n structure element in the do_replace() function could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. (CVE-2011-1080, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition\n implementation in the Linux kernel could allow a local\n attacker to cause an information leak by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data\n structure elements in the do_replace(),\n compat_do_replace(), do_ipt_get_ctl(),\n do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n - A heap overflow flaw in the Linux kernel's EFI GUID\n Partition Table (GPT) implementation could allow a local\n attacker to cause a denial of service by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1577, Low)\n\nThis update also fixes several bugs.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=1636\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3b8fdda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T17:38:29", "description": "Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 24, "published": "2011-07-15T00:00:00", "title": "RHEL 5 : kernel (RHSA-2011:0927)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/55597", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0927. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55597);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:0927)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0927\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0927\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0927\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "description": "[2.6.32-100.28.15.el6]\n- sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set {CVE-2011-1573}\n- dccp: fix oops on Reset after close {CVE-2011-1093}\n- bridge: netfilter: fix information leak {CVE-2011-1080}\n- Bluetooth: bnep: fix buffer overflow {CVE-2011-1079}\n- net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules {CVE-2011-1019}\n- ipip: add module alias for tunl0 tunnel device\n- gre: add module alias for gre0 tunnel device\n- drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016}\n- drm/radeon: fix regression with AA resolve checking {CVE-2011-1016}\n- drm: fix unsigned vs signed comparison issue in modeset ctl ioctl {CVE-2011-1013}\n- proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726}\n- ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712}\n- xfs: zero proper structure size for geometry calls {CVE-2011-0711}\n- xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 {CVE-2011-0711}\n- ima: fix add LSM rule bug {CVE-2011-0006}\n- IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, CVE-2011-1044}\n- CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565}\n[2.6.32-100.28.14.el6]\n- IB/qib: fix qib compile warning.\n- IB/core: Allow device-specific per-port sysfs files.\n- dm crypt: add plain64 iv.\n- firmware: add firmware for qib.\n- Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.", "edition": 4, "modified": "2011-05-11T00:00:00", "published": "2011-05-11T00:00:00", "id": "ELSA-2011-2015", "href": "http://linux.oracle.com/errata/ELSA-2011-2015.html", "title": "Oracle Linux 6 Unbreakable Enterprise kernel security fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2010-4258", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "description": "[2.6.32-71.29.1.el6]\n- [mm] Revert '[mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode' (Larry Woodman) [695256 691310]\n[2.6.32-71.28.1.el6]\n- [net] bonding: fix jiffy comparison issues (Andy Gospodarek) [698109 696337]\n- [drm] radeon/kms: check AA resolve registers on r300 + regression fix (Dave Airlie) [680001 680002] {CVE-2011-1016}\n- [infiniband] uverbs: Handle large number of entries in poll CQ (Eugene Teo) [688429 696137] {CVE-2011-1044 CVE-2010-4649}\n- [net] sctp: fix the INIT/INIT-ACK chunk length calculation (Thomas Graf) [695386 690743] {CVE-2011-1573}\n- [net] CAN: Use inode instead of kernel address for /proc file (Danny Feng) [664560 664561] {CVE-2010-4565}\n- [fs] inotify: fix double free/corruption of stuct user (Eric Paris) [656831 656832] {CVE-2010-4250}\n- [net] netfilter: ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689341 689342]\n- [net] bonding: change test for presence of VLANs (Jiri Pirko) [696487 683496]\n- [scsi] scsi_dh: fix reference counting in scsi_dh_activate error path (Mike Snitzer) [696889 680140]\n- [net] enable VLAN NULL tagging (Neil Horman) [683810 633571]\n- [scsi] scsi_dh: propagate SCSI device deletion (Mike Snitzer) [698114 669411]\n- [fs] inotify: stop kernel memory leak on file creation failure (Eric Paris) [656831 656832] {CVE-2010-4250}\n[2.6.32-71.27.1.el6]\n- [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl) [695322 692673]\n- [netdrv] ixgbe: fix for 82599 erratum on Header Splitting (Andy Gospodarek) [683820 669231]\n- [sound] ALSA: hda - nvhdmi: Add missing codec IDs, unify names (Jaroslav Kysela) [683817 636922]\n- [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Larry Woodman) [695256 691310]\n- [net] fix ebtables stack infoleak (Eugene Teo) [681322 681323] {CVE-2011-1080}\n- [drm] fix unsigned vs signed comparison issue in modeset ctl ioctl (Don Howard) [679927 679928] {CVE-2011-1013}\n- [pci] Enable ASPM state clearing regardless of policy (Alex Williamson) [694073 681017]\n- [pci] Disable ASPM if BIOS asks us to (Alex Williamson) [694073 681017]\n- [mm] do not keep kswapd awake for an unreclaimable zone (Johannes Weiner) [694186 633825]\n[2.6.32-71.26.1.el6]\n- [net] bnep: fix buffer overflow (Don Howard) [681315 681316] {CVE-2011-1079}\n- [scsi] aic94xx: world-writable sysfs update_bios file (Don Howard) [679306 679307]\n- [x86] tc1100-wmi: world-writable sysfs wireless and jogdial files (Don Howard) [679306 679307]\n- [x86] acer-wmi: world-writable sysfs threeg file (Don Howard) [679306 679307]\n- [mfd] ab3100: world-writable debugfs *_priv files (Don Howard) [679306 679307]\n- [v4l] sn9c102: world-wirtable sysfs files (Don Howard) [679306 679307]\n- [x86] Fix EFI pagetable to map whole memory (Takao Indoh) [670850 664364]\n- [kernel] CAP_SYS_MODULE bypass via CAP_NET_ADMIN (Phillip Lougher) [681772 681773] {CVE-2011-1019}\n- [kernel] failure to revert address limit override in OOPS error path (Dave Anderson) [659572 659573] {CVE-2010-4258}\n- [fs] xfs: zero proper structure size for geometry calls (Phillip Lougher) [677267 677268] {CVE-2011-0711}\n- [fs] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677267 677268] {CVE-2011-0711}\n- [tty] tty_audit: fix tty_audit_add_data live lock on audit disabled (Danny Feng) [684275 680126]\n- [kernel] proc: protect mm start_code/end_code in /proc/pid/stat (Eugene Teo) [684572 684573] {CVE-2011-0726}\n- [net] dccp oops (Eugene Teo) [682957 682958] {CVE-2011-1093}\n- [firmware] dcdbas: force SMI to happen when expected (Shyam Iyer) [683440 664832]\n- [security] ima: fix add LSM rule bug (Eric Paris) [667914 667915] {CVE-2011-0006}\n- [sound] caiaq: Fix possible string buffer overflow (Jaroslav Kysela) [678475 678476] {CVE-2011-0712}\n- [net] ixgbe: add option to control interrupt mode (Andy Gospodarek) [670114 670110 622640 637332]\n[2.6.32-71.25.1.el6]\n- [net] bridge: do not learn from exact matches (Jiri Pirko) [691777 623199]", "edition": 4, "modified": "2011-05-10T00:00:00", "published": "2011-05-10T00:00:00", "id": "ELSA-2011-0498", "href": "http://linux.oracle.com/errata/ELSA-2011-0498.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3881", "CVE-2011-1494", "CVE-2011-1573", "CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1581", "CVE-2010-4805", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1013", "CVE-2010-4250", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1090", "CVE-2010-3079", "CVE-2010-4565", "CVE-2011-1080"], "description": "[2.6.32-131.0.15.el6]\n- [build] disable Werr for external modules (Aristeu Rozanski) [703504]\n[2.6.32-131.0.14.el6]\n- [scsi] hpsa: fix reading a write only register causes a hang (Rob Evers) [703262]\n- [scsi] mpt2sas: remove the use of writeq, since writeq is not atomic (Tomas Henzl) [701947]\n[2.6.32-131.0.13.el6]\n- [scsi] hpsa: fix lost command problem (Tomas Henzl) [700430]\n- [scsi] cciss: fix lost command problem (Tomas Henzl) [700430]\n- [scsi] ibft: fix oops during boot (Mike Christie) [698737]\n[2.6.32-131.0.12.el6]\n- [scsi] beiscsi: update version (Mike Christie) [674340]\n- [scsi] be2iscsi: fix chip cleanup (Mike Christie) [674340]\n- [scsi] be2iscsi: fix boot hang due to interrupts not getting rearmed (Mike Christie) [674340]\n- [scsi] bnx2fc: fix regression due to incorrect setup of em for npiv port (Mike Christie) [700672]\n- [ppc] pseries: Use a kmem cache for DTL buffers (Steve Best) [695678]\n[2.6.32-131.0.11.el6]\n- [kdump] revert commit 8f4ec27fc to keep crashkernel=auto (Amerigo Wang) [605786]\n[2.6.32-131.0.10.el6]\n- [netdrv] cnic: fix hang due to rtnl_lock (Mike Christie) [694874]\n- [netdrv] firmware: re-add the recently deleted bnx2x fw 6.2.5.0 (Michal Schmidt) [690470]\n- [netdrv] firmware/bnx2x: add 6.2.9.0 fw, remove unused fw (Michal Schmidt) [690470]\n- [netdrv] bnx2x, cnic: Disable iSCSI if DCBX negotiation is successful (Michal Schmidt) [690470]\n- [netdrv] bnx2x: don't write dcb/llfc fields in STORM memory (Michal Schmidt) [690470]\n- [netdrv] bnx2x: Update firmware to 6.2.9 (Michal Schmidt) [690470]\n[2.6.32-131.0.9.el6]\n- [net] limit socket backlog add operation to prevent possible DoS (Jiri Pirko) [694396] {CVE-2010-4251}\n- [scsi] mpt2sas: prevent heap overflows and unchecked (Tomas Henzl) [694023] {CVE-2011-1494 CVE-2011-1495}\n- [fs] epoll: prevent creating circular epoll structures (Don Howard) [681683] {CVE-2011-1082}\n- [mm] Prevent page_fault at do_mm_track_pte+0xc when Stratus dirty page tracking is active (Larry Woodman) [693786]\n- [fs] GFS2 causes kernel panic in spectator mode (Steven Whitehouse) [696535]\n- [net] bonding: interface doesn't issue IGMP report on slave interface during failover (Flavio Leitner) [640690]\n- [scsi] isci: validate oem parameters early, and fallback (David Milburn) [698016]\n- [scsi] isci: fix oem parameter header definition (David Milburn) [698016]\n[2.6.32-131.0.8.el6]\n- [scsi] mark bfa fc adapters tech preview (Rob Evers) [698384]\n- [virt] Revert pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Aristeu Rozanski) [691310]\n- [i686] nmi watchdog: Enable panic on hardlockup (Don Zickus) [677532]\n- [netdrv] Adding Chelsio Firmware for cxgb4 (Neil Horman) [691929]\n[2.6.32-131.0.7.el6]\n- [virt] x86: better fix for race between nmi injection and enabling nmi window (Aristeu Rozanski)\n- [virt] x86: revert 'fix race between nmi injection and enabling nmi window' (Aristeu Rozanski)\n[2.6.32-131.0.6.el6]\n- [net] bonding: fix jiffy comparison issues (Andy Gospodarek) [696337]\n[2.6.32-131.0.5.el6]\n- [kernel] perf: add script command help (Jiri Olsa) [693050]\n- [drm] radeon/kms: make radeon i2c put/get bytes less noisy (Frank Arnold) [693829]\n- [drm] radeon/kms: fix hardcoded EDID handling (Frank Arnold) [693829]\n- [x86] Revert '[x86] perf: P4 PMU - Fix unflagged overflows handling' (Don Zickus) [688547]\n- [x86] perf: let everyone share counters on a P4 machine (Don Zickus) [688547]\n- [fs] nfs: Ensure that NFS4 acl requests don't use slab in skb fraglist (Neil Horman) [682645] {CVE-2011-1090}\n- [fs] partitions: Validate map_count in Mac partition tables (Danny Feng) [679286] {CVE-2011-1010}\n[2.6.32-131.0.4.el6]\n- [scsi] ibft: search for broadcom specific ibft sign (Mike Christie) [696275]\n- [fs] Fix corrupted OSF partition table parsing (Danny Feng) [688025] {CVE-2011-1163}\n- [netdrv] ixgbe: DCB, X540 devices do not respond to pause frames (Andy Gospodarek) [694930]\n- [netdrv] ixgbe: DCB, misallocated packet buffer size with X540 device (Andy Gospodarek) [694930]\n- [netdrv] ixgbe: refactor common start_hw code for 82599 and x54 (Andy Gospodarek) [694930]\n- [netdrv] ixgbe: balance free_irq calls with request_irq calls (Andy Gospodarek) [692988]\n[2.6.32-131.0.3.el6]\n- [net] sctp: fix the INIT/INIT-ACK chunk length calculation (Thomas Graf) [690743] {CVE-2011-1573}\n- [kernel] sched: Fix granularity of task_u/stime() (Jerome Marchand) [690998]\n- [pci] Call PCIe _OSC methods earlier (Matthew Garrett) [693974]\n- [fs] nfs: use unstable writes for groups of small DIO writes (Jeff Layton) [694309]\n- [net] CAN: Use inode instead of kernel address for /proc file (Danny Feng) [664561] {CVE-2010-4565}\n- [x86] mce: reject CEs on Westmere EX MCE bank 6 (Prarit Bhargava) [694891]\n- [scsi] libfcoe: Incorrect CVL handling for NPIV ports (Mike Christie) [694906]\n- [x86] perf: Complain louder about BIOSen corrupting CPU/PMU state and continue (Don Zickus) [694913]\n- [fs] inotify: fix double free/corruption of stuct user (Eric Paris) [656832] {CVE-2010-4250}\n- [netdrv] netxen: limit skb frags for non tso packet (Chad Dupuis) [695478]\n- [fs] nfsd4: fix oops on lock failure (J. Bruce Fields) [696376]\n- [netdrv] Return bnx2 firmware files to Makefile (John Feeney) [696365]\n- [scsi] be2iscsi: fix be2iscsi rmmod (Mike Christie) [695585]\n- [netdrv] qlcnic: limit skb frags for non tso packet (Bob Picco) [695488]\n- [md] Cleanup after raid45->raid0 takeover (Dean Nelson) [694106]\n- [md] revert 'Cleanup after raid45->raid0 takeover patch' (Dean Nelson) [694106]\n- [net] bonding: fix incorrect tx queue offset (Andy Gospodarek) [695548] {CVE-2011-1581}\n- [netdrv] igb: for 82576 EEPROMs reporting invalid size default to 16kB (Stefan Assmann) [695751]\n- [pci] return correct value when writing to the 'reset' attribute (Alex Williamson) [690291]\n- [kernel] Initalize call_single_queue during boot to handle left over ipi (Neil Horman) [680478]\n[2.6.32-131.0.2.el6]\n- [virt] x86: better fix for race between nmi injection and enabling nmi window (Marcelo Tosatti) [684719]\n- [virt] x86: revert 'fix race between nmi injection and enabling nmi window' (Marcelo Tosatti) [684719]\n[2.6.32-131.0.1.el6]\n- [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Larry Woodman) [691310]\n- [drm] i915: backports from stable to fix some regressions (Dave Airlie) [690865]\n- [fs] svcrpc: complete svsk processing on cb receive failure (J. Bruce Fields) [629030]\n- [ppc] pseries: fix hang caused by missing spin_unlock in dtl_disable (Steve Best) [694327]\n- [ppc] pseries: Disable VPNH feature (Steve Best) [694266]\n- [netdrv] bna: Avoid kernel panic in case of FW heartbeat failure (Ivan Vecera) [694115]\n- [input] wacom: Move the cintiq initialization down (Peter Hutterer) [693573]\n- [input] wacom: specify Cinitq supported tools (Peter Hutterer) [693573]\n- [input] wacom: fix pressure in Cintiq 21UX2 (Peter Hutterer) [693573]\n- [input] wacom: fix serial number handling on Cintiq 21UX2 (Peter Hutterer) [693573]\n- [input] wacom: add Cintiq 21UX2 and Intuos4 WL (Peter Hutterer) [693573]\n- [kernel] spec: strip note and comment from ppc64's vmlinux before checksum is calculated (Aristeu Rozanski) [692515]\n- [scsi] fcoe: have fcoe log off and lport destroy before ndo_fcoe_disable (Mike Christie) [691611]\n- [scsi] libfc: rec tov value and REC_TOV_CONST units usages is incorrect (Mike Christie) [691611]\n- [scsi] libfcoe: fix wrong comment in fcoe_transport_detach (Mike Christie) [691611]\n- [scsi] libfcoe: clean up netdev mapping properly when the transport goes away (Mike Christie) [691611]\n- [scsi] fcoe: remove unnecessary module state check (Mike Christie) [691611]\n- [scsi] fcoe: Remove mutex_trylock/restart_syscall checks (Mike Christie) [691611]\n- [scsi] libfcoe: Remove mutex_trylock/restart_syscall checks (Mike Christie) [691611]\n- [scsi] fcoe: correct checking for bonding (Mike Christie) [691611]\n- [scsi] fcoe: fix broken fcoe interface reset (Mike Christie) [691611]\n- [scsi] fcoe: precedence bug in fcoe_filter_frames() (Mike Christie) [691611]\n- [scsi] libfcoe: Move FCOE_MTU definition from fcoe.h to libfcoe.h (Mike Christie) [691611]\n- [scsi] libfc: remove duplicate ema_list init (Mike Christie) [691611]\n- [scsi] fcoe, libfc: initialize EM anchors list and then update npiv EMs (Mike Christie) [691611]\n- [scsi] libfc: Fixing a memory leak when destroying an interface (Mike Christie) [691611]\n- [scsi] fc: Add GSPN_ID request to header file (Mike Christie) [691611]\n- [scsi] hpsa: fix pci_device_id table (Tomas Henzl) [684997]\n- [netdrv] ixgbe: only enable WoL for magic packet by default (Andy Gospodarek) [632598]\n- [mm] zram: disable zram on ppc64 (Jerome Marchand) [661293]\n- [mm] zram: update config file (Jerome Marchand) [661293]\n- [mm] zram: initialize device on first read (Jerome Marchand) [661293]\n- [mm] zram: fix data corruption issue (Jerome Marchand) [661293]\n- [mm] zram: xvmalloc: combine duplicate block delete code (Jerome Marchand) [661293]\n- [mm] zram: Return zero'd pages on new reads (Jerome Marchand) [661293]\n- [mm] zram: xvmalloc: Close 32byte hole on 64bit CPUs (Jerome Marchand) [661293]\n- [mm] zram: xvmalloc: create CONFIG_ZRAM_DEBUG for debug code (Jerome Marchand) [661293]\n- [mm] zram: xvmalloc: free bit block insertion optimization (Jerome Marchand) [661293]\n- [mm] zram: Prevent overflow in logical block size (Jerome Marchand) [661293]\n- [mm] zram: vmalloc: Correct tunings to enable use with 64K pages (Jerome Marchand) [661293]\n- [mm] zram: xvmalloc.c: Fix a typo (Jerome Marchand) [661293]\n- [mm] zram: Fix sparse warning 'Using plain integer as NULL pointer' (Jerome Marchand) [661293]\n[2.6.32-131.el6]\n- [tracing] t_start: reset FTRACE_ITER_HASH in case of seek/pread (Jiri Olsa) [631626] {CVE-2010-3079}\n- [scsi] scsi_dh_rdac: fix for lun_table update for rdac (Rob Evers) [687878]\n- [usb] EHCI: unlink unused QHs when the controller is stopped (Don Zickus) [680987]\n- [fs] Revert '[fs] sunrpc: Use static const char arrays' (Steve Dickson) [690754]\n- [fs] sunrpc: Propagate errors from xs_bind() through xs_create_sock() (Steve Dickson) [689777]\n- [net] netfilter: ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689342]\n- [net] ipv6: netfilter: ip6_tables: fix infoleak to userspace (Jiri Pirko) [689351] {CVE-2011-1172}\n- [net] netfilter: ip_tables: fix infoleak to userspace (Jiri Pirko) [689334] {CVE-2011-1171}\n- [net] netfilter: arp_tables: fix infoleak to userspace (Jiri Pirko) [689325] {CVE-2011-1170}\n- [kernel] remove kernel-debuginfo-common requires from perf-debuginfo (Jason Baron) [682012]\n- [drm] radeon/kms: check AA resolve registers on r300 + regression fix (Dave Airlie) [680002] {CVE-2011-1016}\n- [net] fix ebtables stack infoleak (Eugene Teo) [681323] {CVE-2011-1080}\n- [drm] fix unsigned vs signed comparison issue in modeset ctl ioctl (Don Howard) [679928] {CVE-2011-1013}\n- [fs] svcrpc: take advantage of tcp autotuning (J. Bruce Fields) [629030]\n- [fs] SUNRPC: Don't wait for full record to receive tcp data (J. Bruce Fields) [629030]\n- [net] svcrpc: copy cb reply instead of pages (J. Bruce Fields) [629030]\n- [fs] svcrpc: close connection if client sends short packet (J. Bruce Fields) [629030]\n- [fs] svcrpc: note network-order types in svc_process_calldir (J. Bruce Fields) [629030]\n- [fs] SUNRPC: svc_tcp_recvfrom cleanup (J. Bruce Fields) [629030]\n- [fs] SUNRPC: requeue tcp socket less frequently (J. Bruce Fields) [629030]\n- [fs] rpc: move sk_bc_xprt to svc_xprt (J. Bruce Fields) [629030]\n- [acpi] ACPICA: Truncate I/O addresses to 16 bits for Windows compatibility (Frank Arnold) [593766]\n[2.6.32-130.el6]\n- [kernel] kcore: restrict access to the whole memory (Amerigo Wang) [663864]\n- [scsi] libsas: flush initial device discovery before completing ->scan_finished (David Milburn) [682265]\n- [md] Cleanup after raid45->raid0 takeover (Doug Ledford) [688725]\n- [md] partition detection when array becomes active (Doug Ledford) [688725]\n- [md] avoid spinlock problem in blk_throtl_exit (Doug Ledford) [679096 688725]\n- [md] correctly handle probe of an 'mdp' device (Doug Ledford) [688725]\n- [md] don't set_capacity before array is active (Doug Ledford) [688725]\n- [md] Fix raid1->raid0 takeover (Doug Ledford) [688725]\n- [md] process hangs at wait_barrier after 0->10 takeover (Doug Ledford) [688725]\n- [md] md_make_request: don't touch the bio after calling make_request (Doug Ledford) [688725]\n- [md] Don't allow slot_store while resync/recovery is happening (Doug Ledford) [688725]\n- [md] don't clear curr_resync_completed at end of resync (Doug Ledford) [688725]\n- [md] Don't use remove_and_add_spares to remove failed devices from a read-only array (Doug Ledford) [688725]\n- [md] Add raid1->raid0 takeover support (Doug Ledford) [688725]\n- [md] Remove the AllReserved flag for component devices (Doug Ledford) [688725]\n- [md] don't abort checking spares as soon as one cannot be added (Doug Ledford) [688725]\n- [md] fix the test for finding spares in raid5_start_reshape (Doug Ledford) [688725]\n- [md] simplify some 'if' conditionals in raid5_start_reshape (Doug Ledford) [688725]\n- [md] revert change to raid_disks on failure (Doug Ledford) [688725]\n- [md] Fix removal of extra drives when converting RAID6 to RAID5 (Doug Ledford) [688725]\n- [md] range check slot number when manually adding a spare (Doug Ledford) [688725]\n- [md] raid5: handle manually-added spares in start_reshape (Doug Ledford) [688725]\n- [md] fix sync_completed reporting for very large drives (>2TB) (Doug Ledford) [688725]\n- [md] allow suspend_lo and suspend_hi to decrease as well as increase (Doug Ledford) [688725]\n- [md] Don't let implementation detail of curr_resync leak out through sysfs (Doug Ledford) [688725]\n- [md] separate meta and data devs (Doug Ledford) [688725]\n- [md] add new param to_sync_page_io() (Doug Ledford) [688725]\n- [md] new param to calc_dev_sboffset (Doug Ledford) [688725]\n- [md] Be more careful about clearing flags bit in ->recovery (Doug Ledford) [688725]\n- [md] md_stop_writes requires mddev_lock (Doug Ledford) [688725]\n- [md] raid5: use sysfs_notify_dirent_safe to avoid NULL pointer (Doug Ledford) [688725]\n- [md] Ensure no IO request to get md device before it is properly initialised (Doug Ledford) [688725]\n- [md] Fix single printks with multiple KERN_\ns (Doug Ledford) [688725]\n- [md] fix regression resulting in delays in clearing bits in a bitmap (Doug Ledford) [688725]\n- [md] fix regression with re-adding devices to arrays with no metadata (Doug Ledford) [688725]\n- [md] pick some changes from commits to match upstream (Doug Ledford) [688725]\n- [md] raid1: add takeover support for raid5->raid1 (Doug Ledford) [688725]\n- [md] pick up some percpu annotations that upstream has (Doug Ledford) [688725]\n- [md] update includes to match upstream (Doug Ledford) [688725]\n- [scsi] isci: fix fragile/conditional isci_host lookups (David Milburn) [691591]\n- [scsi] isci: cleanup isci_remote_device[_not]_ready interface (David Milburn) [691591]\n- [scsi] isci: Qualify when the host lock is managed for STP/SATA callbacks (David Milburn) [691591]\n- [scsi] isci: Fix use of SATA soft reset state machine (David Milburn) [691591]\n- [scsi] isci: Free host lock for SATA/STP abort escalation at submission time (David Milburn) [691591]\n- [scsi] isci: Properly handle requests in the 'aborting' state (David Milburn) [691591]\n- [scsi] isci: Remove 'screaming' data types (David Milburn) [691591]\n- [scsi] isci: remove unused 'remote_device_started' (David Milburn) [691591]\n- [scsi] isci: namespacecheck cleanups (David Milburn) [691591]\n- [scsi] isci: kill some long macros (David Milburn) [691591]\n- [scsi] isci: reorder init to cleanup unneeded declarations (David Milburn) [691591]\n- [scsi] isci: Remove event_* calls as they are just wrappers (David Milburn) [691591]\n- [netdrv] iwlagn: Support new 5000 microcode (Stanislaw Gruszka) [682742]\n- [netdrv] iwlwifi: fix dma mappings and skbs leak (Stanislaw Gruszka) [682726]\n- [netdrv] iwl3945: remove plcp check (Stanislaw Gruszka) [679002]\n- [netdrv] iwlwifi: add {ack,plpc}_check module parameters (Stanislaw Gruszka) [620501]\n- [fs] ext4: Fix ext4_quota_write cross block boundary behaviour (Lukas Czerner) [680105]\n- [fs] quota: Don't write quota info in dquot_commit() (Lukas Czerner) [680105]\n- [netdrv] be2net: Change f/w command versions for Lancer (Ivan Vecera) [685027]\n- [netdrv] be2net: Remove ERR compl workaround for Lancer (Ivan Vecera) [685027]\n- [netdrv] be2net: fix to ignore transparent vlan ids wrongly indicated by NIC (Ivan Vecera) [685027]\n- [netdrv] be2net: pass proper hdr_size while flashing redboot (Ivan Vecera) [685027]\n- [netdrv] be2net: Allow VFs to call be_cmd_reset_function (Ivan Vecera) [685027]\n- [netdrv] be2net: pass domain numbers for pmac_add/del functions (Ivan Vecera) [685027]\n- [netdrv] be2net: Initialize and cleanup sriov resources only if pci_enable_sriov has succeeded (Ivan Vecera) [685027]\n- [netdrv] be2net: Use domain id when be_cmd_if_destroy is called (Ivan Vecera) [685027]\n- [netdrv] be2net: While configuring QOS for VF, pass proper domain id (Ivan Vecera) [685027]\n- [netdrv] benet: Avoid potential null deref in be_cmd_get_seeprom_data() (Ivan Vecera) [685027]\n- [netdrv] benet: fix be_cmd_multicast_set() memcpy bug (Ivan Vecera) [685027]\n- [ppc] kdump: Override crash_free_reserved_phys_range to avoid freeing RTAS (Steve Best) [672983]\n- [kernel] kdump: Allow shrinking of kdump region to be overridden (Steve Best) [672983]\n- [scsi] bnx2fc: Bumped version to 1.0.2 (Mike Christie) [683153]\n- [scsi] bnx2fc: Fix kernel panic when deleting NPIV ports (Mike Christie) [683153]\n- [scsi] bnx2fc: scsi_dma_unmap() not invoked on IO completions (Mike Christie) [683153]\n- [scsi] bnx2fc: host stats show the link speed 'unknown' on NIC partitioned interfaces (Mike Christie) [683153]\n- [scsi] bnx2fc: IO completion not processed due to missed wakeup (Mike Christie) [683153]\n- [scsi] bnx2fc: Bump version to 1.0.1 (Mike Christie) [683153]\n- [scsi] bnx2fc: Remove unnecessary module state checks (Mike Christie) [683153]\n- [scsi] bnx2fc: Fix MTU issue by using static MTU (Mike Christie) [683153]\n- [scsi] bnx2fc: Remove network bonding checking (Mike Christie) [683153]\n- [scsi] bnx2fc: Call bnx2fc_return_rqe and bnx2fc_get_next_rqe with tgt lock held (Mike Christie) [683153]\n- [scsi] bnx2fc: common free list for cleanup commands (Mike Christie) [683153]\n- [scsi] bnx2fc: Remove rtnl_trylock/restart_syscall checks (Mike Christie) [683153]\n- [netdrv] cnic: Fix lost interrupt on bnx2x (Mike Christie) [683153]\n- [netdrv] cnic: Prevent status block race conditions with hardware (Mike Christie) [683153]\n- [kernel] ring-buffer: Use sync sched protection on ring buffer resizing (Jiri Olsa) [676583]\n- [kernel] tracing: avoid soft lockup in trace_pipe (Jiri Olsa) [676583]\n- [kernel] tracing: Fix a race in function profile (Jiri Olsa) [676583]\n- [block] cfq-iosched: Don't update group weights when on service tree (Vivek Goyal) [689551]\n- [block] cfq-iosched: Get rid of on_st flag (Vivek Goyal) [689551]\n- [net] tcp_cubic: fix low utilization of CUBIC with HyStart (Thomas Graf) [616985]\n- [net] tcp_cubic: make the delay threshold of HyStart less sensitive (Thomas Graf) [616985]\n- [net] tcp_cubic: enable high resolution ack time if needed (Thomas Graf) [616985]\n- [net] tcp_cubic: fix clock dependency (Thomas Graf) [616985]\n- [net] tcp_cubic: make ack train delta value a parameter (Thomas Graf) [616985]\n- [net] tcp_cubic: fix comparison of jiffies (Thomas Graf) [616985]\n- [net] tcp: fix RTT for quick packets in congestion control (Thomas Graf) [616985]\n- [fs] fix GFS2 filesystem hang caused by incorrect lock order (Robert S Peterson) [651584]\n- [fs] btrfs: bring us up to date with .38 (Josef Bacik) [684667]\n- [ppc] add dynamic dma window support minor updates (Steve Best) [691952]\n- [ppc] ptrace: Remove BUG_ON when full register set not available (Steve Best) [678099]\n- [ppc] pseries: Disable MSI using new interface if possible (Steve Best) [684961]\n- [ppc] kexec: Fix orphaned offline CPUs across kexec (Steve Best) [682875]\n- [net] ipsec: Disable granular bundles (Herbert Xu) [631833]\n- [scsi] libsas: fix runaway error handler problem (David Milburn) [691527]\n- [scsi] mpt2sas: Added customer specific display support (Tomas Henzl) [684841]\n- [scsi] Add next gen Dell Powervault controller MD36xxf into RDAC device list (Shyam Iyer) [688979]\n- [kernel] perf: Fix task context scheduling (Jiri Olsa) [688065]\n- [drm] nouveau: disable acceleration on NVA3/NVA5/NVA8/NVAF by default (Ben Skeggs) [684816]\n- [kernel] radix: don't tag the root if we didn't tag within our range (Josef Bacik) [681439]\n- [block] blk-throttle: Do not use kblockd workqueue for throtl work (Vivek Goyal) [681360]\n- [sound] ALSA: HDA hdmi related fixes (Jaroslav Kysela) [671501]\n- [pci] Preserve Existing pci sort whitelists for Dell systems (Shyam Iyer) [688954]\n- [x86] perf: Add support for AMD family 15h core counters family 15h core counters (Robert Richter) [635671]\n- [x86] hpwdt: fix section mismatch warning (Prarit Bhargava) [689837]\n- [x86] UV: Correct kABI from upstream (George Beshers) [684957]\n- [x86] When cleaning MTRRs, do not fold WP into UC (Prarit Bhargava) [682758]\n- [virt] xen-blkfront: handle Xen major numbers other than XENVBD (Andrew Jones) [691339]\n- [virt] Fix regression with SMP guests (Zachary Amsden) [681133]\n- [netdrv] enic: update to version 2.1.1.13 (Andy Gospodarek) [684865]\n- [netdrv] igb: full support for i350 devices (Stefan Assmann) [687932]\n- [fs] NFS: Fix a hang/infinite loop in nfs_wb_page() (Steve Dickson) [672305]\n- [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [690900]\n- [fs] svcrpc: ensure cache_check caller sees updated entry (J. Bruce Fields) [690900]\n- [fs] svcrpc: take lock on turning entry NEGATIVE in cache_check (J. Bruce Fields) [690900]\n- [fs] svcrpc: modifying valid sunrpc cache entries is racy (J. Bruce Fields) [690900]\n- [fs] sunrpc: extract some common sunrpc_cache code from nfsd (Steve Dickson) [690900]\n- [infiniband] RDMA/cxgb4: Initialization errors can cause crash (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Don't change QP state outside EP lock (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Remove db_drop_task (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Do CIDX_INC updates every 1/16 CQ depth CQE reaps (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Dispatch FATAL event on EEH errors (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Set the correct device physical function for iwarp connections (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: limit MAXBURST EQ context field to 256B (Steve Best) [647013]\n- [infiniband] RDMA/cxgb4: Don't re-init wait object in init/fini paths (Steve Best) [647013]\n- [infiniband] RMDA/cxgb4 kfifo changes (Steve Best) [647013]\n- [netdrv] cxgb4 driver update (Neil Horman) [647006]\n- [tracing] Add unstable sched clock note to the warning (Jiri Olsa) [666264]\n- [x86] Reevaluate T-states on CPU hot-add (Matthew Garrett) [673442]\n- [scsi] libsas: fix/amend device gone notification in sas_deform_port (David Milburn) [682315]\n- [kdump] kexec: move the crashkernel=auto logic into kernel spec file (Amerigo Wang) [605786]", "edition": 72, "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0542", "href": "http://linux.oracle.com/errata/ELSA-2011-0542.html", "title": "Oracle Linux 6.1 kernel security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "description": "[2.6.18-238.12.1.0.1.el5]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]\n- [nfs] too many getattr and access calls after direct I/O [orabug 9348191]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782]\n- [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)\n[2.6.18-238.12.1.el5]\n- [x86_64] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]\n- [i386] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]\n- [xen] fix MAX_EVTCHNS definition (Laszlo Ersek) [701242 701240]\n- [net] ixgbe: fix for link failure on SFP+ DA cables (Don Howard) [696181 653236]\n- [net] netxen: limit skb frags for non tso packet (Phillip Lougher) [699609 672368]\n- [block] cciss: fix lost command problem (Phillip Lougher) [696503 696153]\n- [fs] gfs2: fix filesystem hang caused by incorrect lock order (Robert S Peterson) [688855 656032]\n- [fs] gfs2: restructure reclaim of unlinked dinodes (Phillip Lougher) [688855 656032]\n- [fs] gfs2: unlock on gfs2_trans_begin error (Robert S Peterson) [688855 656032]\n- [scsi] mpt2sas: prevent heap overflows and unchecked access (Tomas Henzl) [694526 694527] {CVE-2011-1495 CVE-2011-1494}\n- [net] bridge/netfilter: fix ebtables information leak (Don Howard) [681325 681326] {CVE-2011-1080}\n- [net] bluetooth: fix sco information leak to userspace (Don Howard) [681310 681311] {CVE-2011-1078}\n- [fs] fix corrupted GUID partition table kernel oops (Jerome Marchand) [695979 695980] {CVE-2011-1577}\n- [xen] x86/domain: fix error checks in arch_set_info_guest (Laszlo Ersek) [688581 688582] {CVE-2011-1166}\n- [net] bridge: fix initial packet flood if !STP (Jiri Pirko) [701222 695369]\n- [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [697448 589512]\n- [scsi] qla2xxx: no reset/fw-dump on CT/ELS pt req timeout (Chad Dupuis) [689700 660386]\n- [mm] set barrier and send tlb flush to all affected cpus (Prarit Bhargava) [696908 675793]\n[2.6.18-238.11.1.el5]\n- [s390] dasd: fix race between open and offline (Hendrik Brueckner) [699808 695357]\n[2.6.18-238.10.1.el5]\n- [fs] gfs2: creating large files suddenly slow to a crawl (Robert S Peterson) [690239 683155]\n- [virt] hypervisor: Overflow fix for clocks > 4GHz (Zachary Amsden) [690134 673242]\n- [usb] fix usbfs isochronous data transfer regression (Don Zickus) [696136 688926]\n- [fs] partitions: Fix corrupted OSF partition table parsing (Danny Feng) [688022 688023] {CVE-2011-1163}\n- [misc] pm: add comment explaining is_registered kabi work-around (Don Zickus) [689699 637930]\n- [media] sn9c102: fix world-wirtable sysfs files (Don Howard) [679304 679305]\n- [scsi] scsi_dh_rdac: Add two new IBM devices to rdac_dev_list (Rob Evers) [692370 691460]\n- [fs] block: fix submit_bh discarding barrier flag on sync write (Lukas Czerner) [690795 667673]\n- [net] netfilter/ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689339 689340]\n- [net] netfilter: ip6_tables: fix infoleak to userspace (Jiri Pirko) [689348 689349] {CVE-2011-1172}\n- [net] netfilter/ip_tables: fix infoleak to userspace (Jiri Pirko) [689331 689332] {CVE-2011-1171}\n- [net] netfilter/arp_tables: fix infoleak to userspace (Jiri Pirko) [689322 689323] {CVE-2011-1170}\n- [base] Fix potential deadlock in driver core (Don Zickus) [689699 637930]\n- [net] forcedeth/r8169: call netif_carrier_off at end of probe (Ivan Vecera) [689808 689805 664705 664707]\n- [net] ixgbe: fix for 82599 erratum on Header Splitting (Andy Gospodarek) [693751 680531]\n- [net] ixgbe: limit VF access to network traffic (Andy Gospodarek) [693751 680531]\n- [fs] lockd: make lockd_down wait for lockd to come down (Jeff Layton) [688156 653286]\n- [fs] proc: protect mm start_/end_code in /proc/pid/stat (Eugene Teo) [684570 684571] {CVE-2011-0726}\n- [net] dccp: fix oops in dccp_rcv_state_process (Eugene Teo) [682955 682956] {CVE-2011-1093}\n- [net] bluetooth: fix bnep buffer overflow (Don Howard) [681318 681319] {CVE-2011-1079}\n- [fs] nfs: break nfsd v4 lease on unlink, link, and rename (J. Bruce Fields) [693755 610093]\n- [fs] nfs: break lease on nfsd v4 setattr (J. Bruce Fields) [693755 610093]", "edition": 4, "modified": "2011-05-31T00:00:00", "published": "2011-05-31T00:00:00", "id": "ELSA-2011-0833", "href": "http://linux.oracle.com/errata/ELSA-2011-0833.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "description": "[2.6.18-238.19.1.0.1.el5]\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- bonding: reread information about speed and duplex when interface goes up (John Haxby) [orabug 11890822]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]\n- [nfs] too many getattr and access calls after direct I/O [orabug 9348191]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782]\n- [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)\n[2.6.18-238.19.1.el5]\n- Revert: [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- Revert: [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- Revert: [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]\n- Revert: [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]\n- Revert: [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]\n- Revert: [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]\n[2.6.18-238.18.1.el5]\n- [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]\n- [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]\n- [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]\n- [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]\n[2.6.18-238.17.1.el5]\n- [net] bluetooth: l2cap and rfcomm: fix info leak to userspace (Thomas Graf) [703020 703021] {CVE-2011-2492}\n- [net] inet_diag: fix inet_diag_bc_audit data validation (Thomas Graf) [714538 714539] {CVE-2011-2213}\n- [misc] signal: fix kill signal spoofing issue (Oleg Nesterov) [690030 690031] {CVE-2011-1182}\n- [fs] proc: fix signedness issue in next_pidmap (Oleg Nesterov) [697826 697827] {CVE-2011-1593}\n- [char] agp: fix OOM and buffer overflow (Jerome Marchand) [699009 699010] {CVE-2011-1746}\n- [char] agp: fix arbitrary kernel memory writes (Jerome Marchand) [699005 699006] {CVE-2011-2022 CVE-2011-1745}\n- [infiniband] core: Handle large number of entries in poll CQ (Jay Fenlason) [668370 668371] {CVE-2011-1044 CVE-2010-4649}\n- [infiniband] core: fix panic in ib_cm:cm_work_handler (Jay Fenlason) [679995 679996] {CVE-2011-0695}\n- [fs] validate size of EFI GUID partition entries (Anton Arapov) [703027 703028] {CVE-2011-1776}\n[2.6.18-238.16.1.el5]\n- [xen] hvm: secure vmx cpuid (Andrew Jones) [706324 706323] {CVE-2011-1936}\n- [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}\n[2.6.18-238.15.1.el5]\n- [block] cciss: reading a write only register causes a hang (Phillip Lougher) [713948 696153]\n- [fs] gfs2: fix resource group bitmap corruption (Robert S Peterson) [711519 690555]\n- [net] sctp: fix calc of INIT/INIT-ACK chunk length to set (Thomas Graf) [695384 695385] {CVE-2011-1573}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 p2 (Phillip Lougher) [677265 677266] {CVE-2011-0711}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677265 677266] {CVE-2011-0711}\n- [net] core: Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695174 691565] {CVE-2011-1576}\n- [pci] SRIOV: release VF BAR resources when device is hot unplug (Don Dutile) [707899 698879]\n- [scsi] iscsi_tcp: fix iscsi's sk_user_data access (Mike Christie) [703056 677703]\n- [message] mptfusion: add ioc_reset_in_progress reset in SoftReset (Tomas Henzl) [712034 662160]\n[2.6.18-238.14.1.el5]\n- [input] evdev: implement proper locking (Marc Milgram) [710426 680561]\n- [input] evdev: rename list to client in handlers (Marc Milgram) [710426 680561]\n[2.6.18-238.13.1.el5]\n- [fs] gfs2: fix processes waiting on already-available inode glock (Phillip Lougher) [709767 694669]", "edition": 4, "modified": "2011-07-18T00:00:00", "published": "2011-07-18T00:00:00", "id": "ELSA-2011-0927", "href": "http://linux.oracle.com/errata/ELSA-2011-0927.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1078", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2010-4251", "CVE-2011-1780", "CVE-2010-4526", "CVE-2011-1166", "CVE-2011-0711", "CVE-2011-0710", "CVE-2011-2022", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1495", "CVE-2010-4249", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1936", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2689", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2011-1763", "CVE-2011-2525", "CVE-2011-1080", "CVE-2010-4655", "CVE-2011-1577"], "description": "[2.6.18-274.el5]\n- [xen] svm: fix invlpg emulator regression (Paolo Bonzini) [719894]\n[2.6.18-273.el5]\n- Revert: [fs] proc: Fix rmmod/read/write races in /proc entries (Jarod Wilson) [717068]\n- [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [717742]\n- [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [717742]\n- [xen] remove unused argument to __get_instruction_length (Paolo Bonzini) [717742]\n- [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [717742]\n[2.6.18-272.el5]\n- [xen] x86: spinlock support for up to 255 CPUs (Laszlo Ersek) [713123]\n- [xen] remove block scope mtrr identifiers shadowing file scope (Laszlo Ersek) [713123]\n- [xen] Actually hold back MTRR init while booting secondary CPUs (Laszlo Ersek) [713123]\n- [xen] remove unused mtrr_bp_restore (Laszlo Ersek) [713123]\n- [xen] x86: Fix crash on amd iommu systems (Igor Mammedov) [714275]\n[2.6.18-271.el5]\n- [net] igmp: ip_mc_clear_src only when we no users of ip_mc_list (Veaceslav Falico) [707179]\n- [scsi] cxgb3i: fix programing of dma page sizes (Neil Horman) [710498]\n- [xen] hvm: secure vmx cpuid (Andrew Jones) [706325] {CVE-2011-1936}\n- [xen] hvm: secure svm_cr_access (Andrew Jones) [703716] {CVE-2011-1780}\n- [xen] hvm: svm support cleanups (Andrew Jones) [703716] {CVE-2011-1780}\n[2.6.18-270.el5]\n- [fs] proc: fix compile warning in pdeaux addition (Jarod Wilson) [675781]\n- [net] bluetooth: l2cap and rfcomm: fix info leak to userspace (Thomas Graf) [703021]\n- [net] inet_diag: fix inet_diag_bc_audit data validation (Thomas Graf) [714539] {CVE-2011-2213}\n- [misc] signal: fix kill signal spoofing issue (Oleg Nesterov) [690031] {CVE-2011-1182}\n- [fs] proc: fix signedness issue in next_pidmap (Oleg Nesterov) [697827] {CVE-2011-1593}\n- [char] agp: fix OOM and buffer overflow (Jerome Marchand) [699010] {CVE-2011-1746}\n- [char] agp: fix arbitrary kernel memory writes (Jerome Marchand) [699006] {CVE-2011-1745 CVE-2011-2022}\n- [net] be2net: fix queue creation order and pci error recovery (Ivan Vecera) [711653]\n- [infiniband] core: Handle large number of entries in poll CQ (Jay Fenlason) [668371] {CVE-2010-4649 CVE-2011-1044}\n- [infiniband] core: fix panic in ib_cm:cm_work_handler (Jay Fenlason) [679996] {CVE-2011-0695}\n- [fs] validate size of EFI GUID partition entries (Anton Arapov) [703026] {CVE-2011-1776}\n[2.6.18-269.el5]\n- [mm] only throttle page dirtying for specially marked BDIs (Jeff Layton) [711450]\n- Revert: [base] Fix potential deadlock in driver core (Don Zickus) [703084]\n- [fs] proc: Fix rmmod/read/write races in /proc entries (David Howells) [675781]\n- [scsi] qla4xxx: Update driver version to V5.02.04.01.05.07-d0 (Chad Dupuis) [704153]\n- [scsi] qla4xxx: clear SCSI COMPLETION INTR bit during F/W init (Chad Dupuis) [704153]\n- [usb] wacom: add support for DTU-2231 (Aristeu Rozanski) [683549]\n- [xen] fix MAX_EVTCHNS definition (Laszlo Ersek) [701243] {CVE-2011-1763}\n[2.6.18-268.el5]\n- [net] sctp: fix calc of INIT/INIT-ACK chunk length to set (Thomas Graf) [695385] {CVE-2011-1573}\n- [scsi] ibmvfc: Fix Virtual I/O failover hang (Steve Best) [710477]\n- [kernel] irq: Note and disable spurious interrupts on kexec (Prarit Bhargava) [611407]\n- [net] bnx2x: Update firmware to 6.2.9 (Michal Schmidt) [711079]\n- [net] bnx2x: Update bnx2x_firmware.h to version 6.2.9 (Michal Schmidt) [711079]\n- [net] xt_hashlimit: fix race between htable_destroy and htable_gc (Jiri Pirko) [705905]\n- [fs] cifs: clear write bits if ATTR_READONLY is set (Justin Payne) [700263]\n- [net] bna: clear some statistics before filling them (Ivan Vecera) [711990]\n- [net] ixgbe: Disable RSC by default (Herbert Xu) [703416]\n- [scsi] isci: fix scattergather list handling for smp commands (David Milburn) [710584]\n- [net] netconsole: prevent setup netconsole on a slave device (Amerigo Wang) [698873]\n[2.6.18-267.el5]\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 p2 (Phillip Lougher) [677266] {CVE-2011-0711}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677266] {CVE-2011-0711}\n- [net] core: Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [691565] {CVE-2011-1576}\n[2.6.18-266.el5]\n- [scsi] megaraid: update to driver version 5.38-rh1 (Tomas Henzl) [706244]\n- [block] cciss: fix mapping of config table (Tomas Henzl) [695493]\n- [block] cciss: fix dev_info null pointer deref after freeing h (Tomas Henzl) [695493]\n- [block] cciss: do not call request_irq with spinlocks held (Tomas Henzl) [695493]\n- [block] cciss: prototype cciss_sent_reset to fix error (Tomas Henzl) [695493]\n- [block] cciss: mark functions as dev_init to clean up warnings (Tomas Henzl) [695493]\n- [block] cciss: timeout if soft reset fails (Tomas Henzl) [695493]\n- [block] cciss: use cmd_alloc for kdump (Tomas Henzl) [695493]\n- [block] cciss: Use cciss not hpsa in init_driver_version (Tomas Henzl) [695493]\n- [block] cciss: reduce stack usage a reset verifying code (Tomas Henzl) [695493]\n- [block] cciss: do not store pci state on stack (Tomas Henzl) [695493]\n- [block] cciss: no PCI power management reset method if known bad (Tomas Henzl) [695493]\n- [block] cciss: increase timeouts for post-reset no-ops (Tomas Henzl) [695493]\n- [block] cciss: remove superfluous sleeps around reset code (Tomas Henzl) [695493]\n- [block] cciss: do soft reset if hard reset is broken (Tomas Henzl) [695493]\n- [block] cciss: flush writes in interrupt mask setting code (Tomas Henzl) [695493]\n- [block] cciss: clarify messages around reset behavior (Tomas Henzl) [695493]\n- [block] cciss: increase time to wait for board reset to start (Tomas Henzl) [695493]\n- [block] cciss: get rid of message related magic numbers (Tomas Henzl) [695493]\n- [block] cciss: factor out irq request code (Tomas Henzl) [695493]\n- [block] cciss: factor out scatterlist allocation functions (Tomas Henzl) [695493]\n- [block] cciss: factor out command pool allocation functions (Tomas Henzl) [695493]\n- [block] cciss: Define print_cmd even without tape support (Tomas Henzl) [695493]\n- [block] cciss: do not use bit 2 doorbell reset (Tomas Henzl) [695493]\n- [block] cciss: use new doorbell-bit-5 reset method (Tomas Henzl) [695493]\n- [block] cciss: improve controller reset failure detection (Tomas Henzl) [695493]\n- [block] cciss: wait longer after resetting controller (Tomas Henzl) [695493]\n- [infiniband] cxgb4: Use completion objects for event blocking (Steve Best) [708081]\n- [fs] ext4: fix quota deadlock (Eric Sandeen) [702197]\n- [fs] ext3, ext4: update ctime when changing permission by setfacl (Eric Sandeen) [709224]\n- [scsi] bfa: properly reinitialize adapter during kdump (Rob Evers) [710300]\n- [scsi] lpfc: Update for 8.2.0.96.2p release (Rob Evers) [707336]\n- [scsi] lpfc: Fix back to back Flogis sent without logo (Rob Evers) [707336]\n- [scsi] lpfc: Fix not updating wwnn and wwpn after name change (Rob Evers) [707336]\n- [scsi] lpfc: Fix CT command never completing on Big Endian host (Rob Evers) [707336]\n- [scsi] lpfc: Revert fix that introduced a race condition (Rob Evers) [707336]\n- [scsi] lpfc: Fix crash in rpi clean when driver load fails (Rob Evers) [707336]\n- [scsi] lpfc: fix limiting RPI Count to a minimum of 64 (Rob Evers) [707336]\n- [scsi] lpfc: fix overriding CT field for SLI4 IF type 2 (Rob Evers) [707336]\n- [scsi] lpfc: force retry in queuecommand when port transitioning (Rob Evers) [707336]\n- [scsi] lpfc: Update version for 8.2.0.96.1p release (Rob Evers) [698432]\n- [scsi] lpfc: Fix double byte swap on received RRQ (Rob Evers) [698432]\n- [scsi] lpfc: Fix Vports not sending FDISC after lips (Rob Evers) [698432]\n- [scsi] lpfc: Fix system crash during driver unload (Rob Evers) [698432]\n- [scsi] lpfc: Fix FCFI incorrect on received unsolicited frames (Rob Evers) [698432]\n- [scsi] lpfc: Fix driver sending FLOGI to a disconnected FCF (Rob Evers) [698432]\n- [scsi] lpfc: Fix bug with incorrect BLS Response to BLS Abort (Rob Evers) [698432]\n- [scsi] lpfc: Fix adapter on Powerpc unable to login into Fabric (Rob Evers) [698432]\n- [pci] export msi_desc struct and msi_desc array (Prarit Bhargava) [697666]\n- [net] bonding: prevent deadlock on slave store with alb mode (Neil Horman) [706414]\n- [net] mlx4: Fix dropped promiscuity flag (Michael S. Tsirkin) [592370]\n- [edac] amd64_edac: Fix NULL pointer on Interlagos (Mauro Carvalho Chehab) [705040 709529]\n- [scsi] ses: fix ses_set_fault() to set the fault LED function (James Takahashi) [682351]\n- [redhat] configs: config file changes for SES Enablement (James Takahashi) [682351]\n- [misc] enclosure: return ERR_PTR() on error (James Takahashi) [682351]\n- [misc] enclosure: fix oops while iterating enclosure_status array (James Takahashi) [682351]\n- [scsi] ses: fix VPD inquiry overrun (James Takahashi) [682351]\n- [scsi] ses: Fix timeout (James Takahashi) [682351]\n- [scsi] ses: fix data corruption (James Takahashi) [682351]\n- [scsi] ses: fix memory leaks (James Takahashi) [682351]\n- [scsi] ses: add new Enclosure ULD (James Takahashi) [682351]\n- [misc] enclosure: add support for enclosure services (James Takahashi) [682351]\n- [net] tg3: Include support for Broadcom 5719/5720 (John Feeney) [654956 696182 707299]\n- [misc] module: remove over-zealous check in __module_get() (Jon Masters) [616125]\n- [redhat] kabi: Add pci_ioremap_bar and pci_reset_function to kABI (Jon Masters) [677683]\n- [redhat] kabi: Add dm_put to kABI (Jon Masters) [707003]\n- [redhat] kabi: Add compat_alloc_user_space to kABI (Jon Masters) [703167]\n- [redhat] kabi: Add random32 and srandom32 to kABI (Jon Masters) [668815]\n- [redhat] kabi: Add cancel_work_sync to kABI (Jon Masters) [664991]\n- [net] bna: add r suffix to the driver version (Ivan Vecera) [709951]\n- [net] bna: fix for clean fw re-initialization (Ivan Vecera) [709951]\n- [net] bna: fix memory leak during RX path cleanup (Ivan Vecera) [709951]\n- [net] bridge: Disable multicast snooping by default (Herbert Xu) [506630]\n- [net] bonding: fix block_netpoll_tx imbalance (Andy Gospodarek) [704426]\n- [scsi] qla2xxx: Fix virtual port login failure after chip reset (Chad Dupuis) [703879]\n- [scsi] qla2xxx: fix dsd_list_len for dsd_chaining in cmd type 6 (Chad Dupuis) [703879]\n- [net] force new skbs to allocate a minimum of 16 frags (Amerigo Wang) [694308]\n- [pci] intel-iommu: Flush unmaps at domain_exit (Alex Williamson) [705455]\n- [pci] intel-iommu: Only unlink device domains from iommu (Alex Williamson) [705455]\n[2.6.18-265.el5]\n- [scsi] be2iscsi: Fix MSIX interrupt names (Prarit Bhargava) [704735]\n- [misc] signal: fix SIGPROF keeps large task from completing fork (Oleg Nesterov) [645528]\n- [fs] gfs2: fix processes waiting on already-available inode glock (Robert S Peterson) [694669]\n- Revert: [pci] msi: remove infiniband compat code (Prarit Bhargava) [636260]\n- Revert: [pci] msi: use msi_desc save areas in drivers/pci code (Prarit Bhargava) [636260]\n- Revert: [pci] msi: use msi_desc save areas in msi state functions (Prarit Bhargava) [636260]\n- Revert: [pci] msi: remove pci_save_msi|x_state() functions (Prarit Bhargava) [636260]\n- [s390] mm: diagnose 10 does not release memory above 2GB (Hendrik Brueckner) [701275]\n- [input] evdev: implement proper locking (Marc Milgram) [680561]\n- [input] evdev: rename list to client in handlers (Marc Milgram) [680561]\n- [net] netpoll: disable netpoll when enslave a device (Amerigo Wang) [698873]\n- [net] disable lro on phys device when dev is a vlan (Neil Horman) [696374]\n- [scsi] qla2xxx: Update version number to 8.03.07.03.05.07-k (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Free firmware PCB on logout request (Chad Dupuis) [686462]\n- [scsi] qla2xxx: dump registers for more info about ISP82xx errors (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Updated the reset sequence for ISP82xx (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Update copyright banner (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Perform FCoE context reset before adapter reset (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Limit logs in case device state does not change (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Abort pending commands for faster reset recovery (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Check for match before setting FCP-priority info (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Display PortID info during FCP command-status (Chad Dupuis) [686462]\n[2.6.18-264.el5]\n- [misc] Introduce pci_map_biosrom, kernel-xen variant (David Milburn) [651837]\n[2.6.18-263.el5]\n- [misc] vsyscall: remove code changing syscall instructions to nop (Ulrich Obergfell) [689546]\n- [scsi] mpt2sas: move fault event handling into process context (Tomas Henzl) [705398]\n- [scsi] ibmvscsi: Improve CRQ reset reliability (Steve Best) [704963]\n- [infiniband] cxgb4: Reset wait condition atomically (Steve Best) [703925]\n- [infiniband] cxgb4: fix driver hang on EEH error (Steve Best) [703925]\n- [fs] xfs: serialise unaligned direct IOs (Eric Sandeen) [689830]\n- [fs] ext4: serialize unaligned asynchronous DIO (Eric Sandeen) [689830]\n- [misc] Add printk_timed_ratelimit (Eric Sandeen) [689830]\n- [fs] set stats st_blksize to fs blocksize not page size (Eric Sandeen) [695168]\n- [pci] Disable PCI MSI/X on portable hardware (Prarit Bhargava) [703340]\n- [usb] ehci: Disable disconnect/connect wakeups (Matthew Garrett) [703344]\n- [fs] cifs: fix cifsConvertToUCS for the mapchars case (Jeff Layton) [705324]\n- [fs] nfs: set d_op on newly allocated dentries in nfs_rename (Jeff Layton) [702533]\n- [fs] nfs: Fix build break with CONFIG_NFS_V4=n (Harshula Jayasuriya) [702355]\n- [scsi] isci: enable building driver (David Milburn) [651837]\n- [scsi] libsas: flush initial device discovery before completing (David Milburn) [651837]\n- [scsi] libsas: fix up device gone notification in sas_deform_port (David Milburn) [651837]\n- [scsi] libsas: fix runaway error handler problem (David Milburn) [651837]\n- [scsi] isci: validate oem parameters early, and fallback (David Milburn) [651837]\n- [scsi] isci: fix oem parameter header definition (David Milburn) [651837]\n- [scsi] isci: fix fragile/conditional isci_host lookups (David Milburn) [651837]\n- [scsi] isci: cleanup isci_remote_device[_not]_ready interface (David Milburn) [651837]\n- [scsi] isci: Qualify when lock managed for STP/SATA callbacks (David Milburn) [651837]\n- [scsi] isci: Fix use of SATA soft reset state machine (David Milburn) [651837]\n- [scsi] isci: Free lock for abort escalation at submit time (David Milburn) [651837]\n- [scsi] isci: Properly handle requests in aborting state (David Milburn) [651837]\n- [scsi] isci: Remove screaming data types (David Milburn) [651837]\n- [scsi] isci: remove unused remote_device_started (David Milburn) [651837]\n- [scsi] isci: namespacecheck cleanups (David Milburn) [651837]\n- [scsi] isci: kill some long macros (David Milburn) [651837]\n- [scsi] isci: reorder init to cleanup unneeded declarations (David Milburn) [651837]\n- [scsi] isci: Remove event_* calls as they are just wrappers (David Milburn) [651837]\n- [scsi] isci: fix apc mode definition (David Milburn) [651837]\n- [scsi] isci: Revert task gating change handled by libsas (David Milburn) [651837]\n- [scsi] isci: reset hardware at init (David Milburn) [651837]\n- [scsi] isci: Revert unneeded error path fixes (David Milburn) [651837]\n- [scsi] isci: misc fixes (David Milburn) [651837]\n- [scsi] isci: add firmware support (David Milburn) [651837]\n- [scsi] isci: lldd support (David Milburn) [651837]\n- [scsi] isci: add core common definitions and utility functions (David Milburn) [651837]\n- [scsi] isci: add core base state machine and memory descriptors (David Milburn) [651837]\n- [scsi] isci: add core unsolicited frame handling and registers (David Milburn) [651837]\n- [scsi] isci: add core request support (David Milburn) [651837]\n- [scsi] isci: add core stp support (David Milburn) [651837]\n- [scsi] isci: add core remote node context support (David Milburn) [651837]\n- [scsi] isci: add core remote device support (David Milburn) [651837]\n- [scsi] isci: add core port support (David Milburn) [651837]\n- [scsi] isci: add core phy support (David Milburn) [651837]\n- [scsi] isci: add core controller support (David Milburn) [651837]\n- [scsi] isci: BZ 651837 Introduce pci_map_biosrom() (David Milburn) [651837]\n- [scsi] qla4xxx: update version to V5.02.04.00.05.07-d0 (Chad Dupuis) [660388]\n- [scsi] qla4xxx: set status_srb NULL if sense_len is 0 (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Initialize host fw_ddb_index_map list (Chad Dupuis) [660388]\n- [scsi] qla4xxx: reuse qla4xxx_mailbox_premature_completion (Chad Dupuis) [660388]\n- [scsi] qla4xxx: check for all reset flags (Chad Dupuis) [660388]\n- [scsi] qla4xxx: added new function qla4xxx_relogin_all_devices (Chad Dupuis) [660388]\n- [scsi] qla4xxx: add support for ql4xkeepalive module parameter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add support for ql4xmaxqdepth module parameter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: skip core clock so firmware can increase clock (Chad Dupuis) [660388]\n- [scsi] qla4xxx: copy ipv4 opts and address state to host struct (Chad Dupuis) [660388]\n- [scsi] qla4xxx: check AF_FW_RECOVERY flag for 8022 adapter only (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change hard coded values to macros (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change hard coded value of Sense buffer (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove stale references to ISP3031 and NetXen (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Correct file header for iscsi (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add scsi_{,un}block_request while reading flash (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove unused code from qla4xxx_send_tgts (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add proper locking around cmd->host_scribble (Chad Dupuis) [660388]\n- [scsi] qla4xxx: use return status DID_TRANSPORT_DISRUPTED (Chad Dupuis) [660388]\n- [scsi] qla4xxx: remove unused functions and struct parameters (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change char string to static char (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change spin_lock to spin_lock_irqsave (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change hard coded value to a macro (Chad Dupuis) [660388]\n- [scsi] qla4xxx: move qla4xxx_free_ddb_list and scsi_remove_host (Chad Dupuis) [660388]\n- [scsi] qla4xxx: get status from initialize_adapter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: remove extra pci_disable_device call (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove unused argument from function prototype (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call qla4xxx_mark_all_devices_missing (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call scsi_scan_target only if AF_ONLINE set (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call scsi_block_request before clearing AF_ONLINE (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add timer debug print (Chad Dupuis) [660388]\n- [scsi] qla4xxx: use iscsi class session state check ready (Chad Dupuis) [660388]\n- [scsi] qla4xxx: set device state missing only if non-dead state (Chad Dupuis) [660388]\n- [scsi] libiscsi: fix shutdown (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change function prototype to static (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Fix panic while loading with corrupted 4032 card (Chad Dupuis) [660388]\n- [scsi] qla4xxx: no other port reinit during remove_adapter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: unblock iscsi session before scsi_scan_target (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Fix for dropping of AENs during init time (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Free allocated memory only once (Chad Dupuis) [660388]\n- [scsi] qla4xxx: ignore existing interrupt during mailbox command (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Check connection active before unblocking session (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Poll for Disable Interrupt Mailbox Completion (Chad Dupuis) [660388]\n- [scsi] qla4xxx: fix request_irq to avoid spurious interrupts (Chad Dupuis) [660388]\n- [net] bridge: make bridge address settings sticky (Amerigo Wang) [705997]\n- [net] bridge: allow changing hardware addr to any valid address (Amerigo Wang) [705997]\n- [xen] hvm: build guest timers on monotonic system time (Paolo Bonzini) [705725]\n- [xen] hvm: explicitly use the TSC as the base for the hpet (Paolo Bonzini) [705725]\n- [xen] x86: allow Dom0 to drive PC speaker (Igor Mammedov) [501314]\n- [xen] vtd: Fix resource leaks on error paths in intremap code (Igor Mammedov) [704497]\n[2.6.18-262.el5]\n- [block] cciss: reading a write only register causes a hang (Tomas Henzl) [696153]\n[2.6.18-261.el5]\n- [message] mptfusion: inline data padding support for TAPE drives (Tomas Henzl) [698073]\n- [powerpc] fix VDSO gettimeofday called with NULL struct timeval (Steve Best) [700203]\n- [fs] gfs2: fix resource group bitmap corruption (Robert S Peterson) [690555]\n- [fs] gfs2: Add dlm callback owed glock flag (Robert S Peterson) [703213]\n- [net] cxgb4: fix some backport bugs (Neil Horman) [700947]\n- [scsi] fnic: fix stats memory leak (Mike Christie) [688459]\n- [block]: fix missing bio back/front segment size setting (Milan Broz) [700546]\n- [net] mlx4: Add CX3 PCI IDs (Jay Fenlason) [660671]\n- [pci] SRIOV: release VF BAR resources when device is hot unplug (Don Dutile) [698879]\n- [virtio] virtio_ring: Decrement avail idx on buffer detach (Amit Shah) [699426]\n- [virtio] virtio_pci: fix double-free of pci regions on unplug (Amit Shah) [701918]\n- Revert: [virtio] console: no device_destroy on port device (Amit Shah) [701918]\n- [xen] hvm: provide param to disable HPET in HVM guests (Paolo Bonzini) [702652]\n- [xen] vtd: Free unused interrupt remapping table entry (Don Dugger) [571410]\n[2.6.18-260.el5]\n- [scsi] mpt2sas: prevent heap overflows and unchecked access (Tomas Henzl) [694527] {CVE-2011-1494 CVE-2011-1495}\n- [block] cciss: fix export resettable host attribute fix (Tomas Henzl) [690511]\n- [fs] gfs2: Tag all metadata with jid of last node to change it (Steven Whitehouse) [701577]\n- [fs] nfsd: permit unauthenticated stat of export root (Steve Dickson) [491740]\n- [net] myri10ge: add dynamic LRO disabling (Stanislaw Gruszka) [688897]\n- [wireless] ath5k: disable ASPM L0s for all cards (Stanislaw Gruszka) [666866]\n- [net] igb: work-around for 82576 EEPROMs reporting invalid size (Stefan Assmann) [693934]\n- [pci] aerdrv: use correct bits and add delay to aer_root_reset (Stefan Assmann) [700386]\n- [fs] jbd: fix write_metadata_buffer and get_write_access race (Eric Sandeen) [494927 696843]\n- [x86_64] Disable Advanced RAS/MCE on newer Intel processors (Prarit Bhargava) [697508]\n- [x86_64] vdso: fix gettimeofday segfault when tv == NULL (Prarit Bhargava) [700782]\n- [x86_64] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [692921]\n- [i386] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [692921]\n- [scsi] iscsi_tcp: fix iscsis sk_user_data access (Mike Christie) [677703]\n- [edac] i7core_edac: return -ENODEV if no MC is found (Mauro Carvalho Chehab) [658418]\n- [char] vcs: hook sysfs devices to object lifetime (Mauro Carvalho Chehab) [622542]\n- [char] vt_ioctl: fix VT ioctl race (Mauro Carvalho Chehab) [622542]\n- [fs] avoid vmalloc space error opening many files on x86 (Larry Woodman) [681586]\n- [fs] nfs: Tighten up the attribute update code (Jeff Layton) [672981]\n- [net] bna: Avoid kernel panic in case of FW heartbeat failure (Ivan Vecera) [700488]\n- [net] benet: increment work_counter in be_worker (Ivan Vecera) [695197]\n- [net] benet: be_poll_tx_mcc_compat should always return zero (Ivan Vecera) [690755]\n- [net] benet: Fix be_get_stats_count return value (Ivan Vecera) [690755]\n- [net] tcp: Fix tcp_prequeue to get correct rto_min value (Herbert Xu) [696411]\n- [net] bonding: unshare skbs prior to calling pskb_may_pull (Andy Gospodarek) [607114]\n- [misc] x86: Sync CPU feature flag additions from Xen (Frank Arnold) [687994]\n- [misc] mark various drivers/features as tech preview (Don Zickus) [701722]\n- [hwmon] i5k_amb: Fix compile warning (Dean Nelson) [603345]\n- [hwmon] i5k_amb: Load automatically on all 5000/5400 chipsets (Dean Nelson) [603345]\n- [hwmon] i5k_amb: provide labels for temperature sensors (Dean Nelson) [603345]\n- [hwmod] i5k_amb: support Intel 5400 chipset (Dean Nelson) [603345]\n- [net] bridge/netfilter: fix ebtables information leak (Don Howard) [681326] {CVE-2011-1080}\n- [net] bluetooth: fix sco information leak to userspace (Don Howard) [681311] {CVE-2011-1078}\n- [fs] gfs2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [699741]\n- [fs] fix corrupted GUID partition table kernel oops (Jerome Marchand) [695980] {CVE-2011-1577}\n- [xen] x86: Enable K8 NOPS for future AMD CPU Families (Frank Arnold) [687994]\n- [xen] x86: Blacklist new AMD CPUID bits for PV domains (Frank Arnold) [687994]\n- [xen] x86: Handle new AMD CPUID bits for HVM guests (Frank Arnold) [687994]\n- [xen] x86: Update AMD CPU feature flags (Frank Arnold) [687994]\n- [xen] x86/domain: fix error checks in arch_set_info_guest (Laszlo Ersek) [688582] {CVE-2011-1166}\n[2.6.18-259.el5]\n- [net] bridge: fix initial packet flood if !STP (Jiri Pirko) [695369]\n- [edac] amd64_edac: Fix potential memleak (Mauro Carvalho Chehab) [610235]\n- [edac] amd64_edac, amd64_mce: Revert printk changes (Mauro Carvalho Chehab) [610235]\n- [x86] amd: Fix init_amd build warnings (Frank Arnold) [610235]\n- [edac] amd64_edac: Enable PCI dev detection on F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix decode_syndrome types (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DCT argument type (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix ranges signedness (Frank Arnold) [610235]\n- [edac] amd64_edac: Drop local variable (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix PCI config addressing types (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DRAM base macros (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix node id signedness (Frank Arnold) [610235]\n- [edac] amd64_edac: Enable driver on F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Adjust ECC symbol size to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Improve DRAM address mapping (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize ->read_dram_ctl_register (Frank Arnold) [610235]\n- [edac] amd64_edac: fix up chip select conversion routine to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Beef up early exit reporting (Frank Arnold) [610235]\n- [edac] amd64_edac: Revamp online spare handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix channel interleave removal (Frank Arnold) [610235]\n- [edac] amd64_edac: Correct node interleaving removal (Frank Arnold) [610235]\n- [edac] amd64_edac: Add support for interleaved region swapping (Frank Arnold) [610235]\n- [edac] amd64_edac: Unify get_error_address (Frank Arnold) [610235]\n- [edac] amd64_edac: Simplify decoding path (Frank Arnold) [610235]\n- [edac] amd64_edac: Adjust channel counting to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup old defines cruft (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBSH cruft (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBCFG handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBCTL code (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DCT Select Low/High code (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup Dram Configuration registers handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DBAM handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Replace huge bitmasks with a macro (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize f10_get_base_addr_offset (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize channel extraction (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup chipselect handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DHAR handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove DRAM base/limit subfields caching (Frank Arnold) [610235]\n- [edac] amd64_edac: Add support for F15h DCT PCI config accesses (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DIMMs per DCTs output (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove two-stage initialization (Frank Arnold) [610235]\n- [edac] amd64_edac: Check ECC capabilities initially (Frank Arnold) [610235]\n- [edac] amd64_edac: Carve out ECC-related hw settings (Frank Arnold) [610235]\n- [edac] amd64_edac: Allocate driver instances dynamically (Frank Arnold) [610235]\n- [edac] amd64_edac: Rework printk macros (Frank Arnold) [610235]\n- [edac] amd64_edac: Rename CPU PCI devices (Frank Arnold) [610235]\n- [edac] amd64_edac: Concentrate per-family init even more (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup the CPU PCI device reservation (Frank Arnold) [610235]\n- [edac] amd64_edac: Add per-family init function (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove F11h support (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix interleaving check (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DCT base address selector (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize syndrome extraction (Frank Arnold) [610235]\n- [edac] amd64_edac: fix forcing module load/unload (Frank Arnold) [610235]\n- [edac] amd64_edac: add memory types strings for debugging (Frank Arnold) [610235]\n- [edac] amd64_edac: remove unneeded extract_error_address wrapper (Frank Arnold) [610235]\n- [edac] amd64_edac: rename StinkyIdentifier (Frank Arnold) [610235]\n- [edac] amd64_edac: remove superfluous dbg printk (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup f10_early_channel_count (Frank Arnold) [610235]\n- [edac] amd64_edac: dump DIMM sizes on K8 too (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup rest of amd64_dump_misc_regs (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup DRAM cfg low debug output (Frank Arnold) [610235]\n- [edac] amd64_edac: wrap-up pci config read error handling (Frank Arnold) [610235]\n- [edac] amd64_edac: make DRAM regions output more human-readable (Frank Arnold) [610235]\n- [edac] amd64_edac: clarify DRAM CTL debug reporting (Frank Arnold) [610235]\n- [edac] mce_amd: Fix NB error formatting (Frank Arnold) [659693]\n- [edac] mce_amd: Use BIT_64() to eliminate warnings on 32-bit (Frank Arnold) [659693]\n- [edac] mce_amd: Enable MCE decoding on F15h (Frank Arnold) [659693]\n- [edac] mce_amd: Shorten error report formatting (Frank Arnold) [659693]\n- [edac] mce_amd: Overhaul error fields extraction macros (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h FP MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15 EX MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add an F15h NB MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: No F15h LS MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h CU MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h IC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h DC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Select extended error code mask (Frank Arnold) [659693]\n- [edac] mce_amd: Fix shift warning on 32-bit (Frank Arnold) [659693]\n- [edac] mce_amd: Add a BIT_64() macro (Frank Arnold) [659693]\n- [edac] mce_amd: Enable MCE decoding on F12h (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h NB MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h IC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h DC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add support for F11h MCEs (Frank Arnold) [659693]\n- [edac] mce_amd: Enable MCE decoding on F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Fix FR MCEs decoding (Frank Arnold) [659693]\n- [edac] mce_amd: Complete NB MCE decoders (Frank Arnold) [659693]\n- [edac] mce_amd: Warn about LS MCEs on F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Adjust IC decoders to F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Adjust DC decoders to F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Rename files (Frank Arnold) [659693]\n- [edac] mce_amd: Pass complete MCE info to decoders (Frank Arnold) [659693]\n- [edac] mce_amd: Sanitize error codes (Frank Arnold) [659693]\n- [edac] mce_amd: Remove unused function parameter (Frank Arnold) [659693]\n- [edac] mce_amd: Do not report error overflow as a separate error (Frank Arnold) [659693]\n- [edac] mce_amd: Limit MCE decoding to current families for now (Frank Arnold) [659693]\n- [edac] mce_amd: Fix wrong mask and macro usage (Frank Arnold) [659693]\n- [edac] mce_amd: Filter out invalid values (Frank Arnold) [659693]\n- [edac] mce_amd: silence GART TLB errors (Frank Arnold) [659693]\n- [edac] mce_amd: correct corenum reporting (Frank Arnold) [659693]\n- [edac] mce_amd: update AMD F10h revD check (Frank Arnold) [659693]\n- [edac] mce_amd: Use an atomic notifier for MCEs decoding (Frank Arnold) [659693]\n- [edac] mce_amd: carve out AMD MCE decoding logic (Frank Arnold) [659693]\n- [edac] mce_amd: Fix MCE decoding callback logic (Frank Arnold) [659693]\n[2.6.18-258.el5]\n- [block] cciss: fix lost command problem (Tomas Henzl) [696153]\n- [block] cciss: export resettable host attribute (Tomas Henzl) [690511]\n- [powerpc] mm/numa: Disable VPNH feature on pseries (Steve Best) [696328]\n- [wireless] iwlagn: re-enable MSI on resume (Prarit Bhargava) [694672]\n- [fs] cifs: clean up various nits in unicode routines (Jeff Layton) [659715]\n- [fs] cifs: fix unaligned accesses in cifsConvertToUCS (Jeff Layton) [659715]\n- [fs] cifs: clean up unaligned accesses in cifs_unicode.c (Jeff Layton) [659715]\n- [fs] cifs: fix unaligned access in check2ndT2 and coalesce_t2 (Jeff Layton) [659715]\n- [fs] cifs: clean up unaligned accesses in validate_t2 (Jeff Layton) [659715]\n- [fs] cifs: use get/put_unaligned functions to access ByteCount (Jeff Layton) [659715]\n- [net] bridge: fix build warning in br_device (Jarod Wilson) [556811]\n- [scsi] arcmsr: fix broken CONFIG_XEN conditional (Jarod Wilson) [635992]\n- [net] cxgb4: clean up dma_mapping_error usage (Jarod Wilson) [567446]\n- [fs] dcache: Close a race-opportunity in d_splice_alias (David Howells) [646359]\n- [md] dm-crypt: support more encryption modes (Milan Broz) [660368]\n- [crypto] add XTS blockcipher mode support (Danny Feng) [553411]\n- [s390] dasd: fix race between open and offline (Hendrik Brueckner) [695357]\n- [net] netxen: limit skb frags for non tso packet (Chad Dupuis) [672368]\n- [net] qlcnic: limit skb frags for non tso packet (Bob Picco) [695490]\n[2.6.18-257.el5]\n- [char] ipmi: dont poll non-existant IPMI Event Message Buffer (Tony Camuso) [578913]\n- [char] ipmi: fix platform return check (Tony Camuso) [578913]\n- [fs] gfs: Never try to deallocate an inode on a read-only mount (Steven Whitehouse) [689943]\n- [infiniband] cxgb4: Initial import of driver to RHEL5 (Steve Best) [567449]\n- [net] cxgb4: Initial import of driver to RHEL5 (Neil Horman) [567446]\n- [net] bond: fix link up after restart (Neil Horman) [659558]\n- [infiniband] cxgb3: Dont free skbs on NET_XMIT_* from LLD (Neil Horman) [516956]\n- [infiniband] cxgb3: Wait 1+ schedule cycle during device removal (Neil Horman) [516956]\n- [infiniband] cxgb3: Mark device with CXIO_ERROR_FATAL on remove (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont allocate the SW queue for user mode CQs (Neil Horman) [516956]\n- [infiniband] cxgb3: Increase the max CQ depth (Neil Horman) [516956]\n- [infiniband] cxgb3: Doorbell overflow avoidance and recovery (Neil Horman) [516956]\n- [infiniband] cxgb3: Remove BUG_ON() on CQ rearm failure (Neil Horman) [516956]\n- [infiniband] cxgb3: Fix error paths in post_send and post_recv (Neil Horman) [516956]\n- [infiniband] cxgb3: Handle NULL inetdev ptr in iwch_query_port (Neil Horman) [516956]\n- [infiniband] cxgb3: Clean up properly on FW mismatch failures (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont ignore insert_handle() failures (Neil Horman) [516956]\n- [infiniband] cxgb3: Wake up any waiters on peer close/abort (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont free endpoints early (Neil Horman) [516956]\n- [net] cxgb3: Handle port events properly (Mike Christie) [516956]\n- [fs] cifs: prevent infinite recursion in cifs_reconnect_tcon (Jeff Layton) [667454]\n- [fs] cifs: consolidate reconnect logic in smb_init routines (Jeff Layton) [667454]\n- [fs] dcache: allow __d_obtain_alias to return unhashed dentries (J. Bruce Fields) [613736]\n[2.6.18-256.el5]\n- [scsi] mpt2sas: fix _scsih_is_raid test in _scsih_qcmd (Tomas Henzl) [683806]\n- [scsi] megaraid_sas: add a reset_devices condition (Tomas Henzl) [692099]\n- [net] add socket API recvmmsg, receive multiple messages (Thomas Graf) [582653]\n- [scsi] device_handler: fix ref counting in error path (Mike Snitzer) [645343]\n- [scsi] device_handler: propagate SCSI device deletion (Mike Snitzer) [645343]\n- [net] 8021q: fix VLAN RX stats counting (Stefan Assmann) [579858]\n- [x86_64] vdso: Fix typo in vclock_gettime code (Prarit Bhargava) [691735]\n- [firmware] dmi_scan: Display system information in dmesg (Prarit Bhargava) [692860]\n- [fs] debugfs: Implement debugfs_remove_recursive (Neil Horman) [692946]\n- [redhat] configs: enable building CXGB4_ISCSI (Mike Christie) [567452]\n- [scsi] cxgbi: get rid of gl_skb in cxgbi_ddp_info (Mike Christie) [567452]\n- [scsi] cxgbi: set ulpmode only if digest is on (Mike Christie) [567452]\n- [scsi] cxgb4i: ignore informational act-open-rpl message (Mike Christie) [567452]\n- [scsi] cxgb4i: connection and ddp setting update (Mike Christie) [567452]\n- [scsi] cxgb3i: fixed connection over vlan (Mike Christie) [567452]\n- [scsi] libcxgbi: pdu read fixes (Mike Christie) [567452]\n- [scsi] cxgbi: rename alloc_cpl to alloc_wr (Mike Christie) [567452]\n- [scsi] cxgb3i: change cxgb3i to use libcxgbi (Mike Christie) [567452]\n- [scsi] cxgbi: add cxgb4i iscsi driver (Mike Christie) [567452]\n- [net] bonding: re-read speed and duplex when interface goes up (Andy Gospodarek) [677902]\n- [net] ipv4/tcp_timer: honor sysctl tcp_syn_retries (Flavio Leitner) [688989]\n- [usb] fix usbfs isochronous data transfer regression (Don Zickus) [688926]\n- [fs] partitions: Fix corrupted OSF partition table parsing (Danny Feng) [688023]\n- [misc] add param to change default coredump_filter setup (Dave Anderson) [488840]\n- Revert: [md] dm-crypt: support more encryption modes (Jarod Wilson) [660368]\n- [xen] allow delivery of timer interrupts to VCPU != 0 (Paolo Bonzini) [418501]\n- [xen] x86/hvm: Enable delivering 8259 interrupts to VCPUs != 0 (Paolo Bonzini) [418501]\n- [xen] get rid of the vcpu state in HPET (Paolo Bonzini) [418501]\n- [xen] add accessors for arch/x86/hvm/hpet.c (Paolo Bonzini) [418501]\n[2.6.18-255.el5]\n- [net] htb: Make HTB scheduler work with TSO (Thomas Graf) [481546]\n- [fs] cifs: map NT_STATUS_ERROR_WRITE_PROTECTED to -EROFS (Jeff Layton) [516102]\n- [pci] Ensure devices are resumed on system resume (Matthew Garrett) [644440]\n- [fs] ext2, ext3: copy i_flags to inode flags on write (Eric Sandeen) [431738]\n- [fs] gfs2: fix filesystem hang caused by incorrect lock order (Robert S Peterson) [656032]\n- [fs] gfs2: restructure reclaiming of unlinked dinodes (Robert S Peterson) [656032]\n- [fs] gfs2: unlock on gfs2_trans_begin error (Robert S Peterson) [656032]\n- [pci] Add HP BL620c G7 to pci=bfsort whitelist (Prarit Bhargava) [680946]\n- [pci] msi: simplify the msi irq limit policy (Prarit Bhargava) [652799]\n- [scsi] scsi_dh: allow scsi_dh_detach to detach when attached (Mike Christie) [666304]\n- [net] bonding: fix test for presence of VLANs (Jiri Pirko) [654878]\n- [net] 8021q: VLAN 0 should be treated as no vlan tag (Jiri Pirko) [654878]\n- [kernel] module: add sysctl to block module loading (Jerome Marchand) [645221]\n- [fs] nfs: Make close(2) async when closing O_DIRECT files (Jeff Layton) [626977]\n- [fs] nfs: Optimise NFS close() (Jeff Layton) [626977]\n- [fs] nfs: Fix nfsv4 atomic open for execute... (Jeff Layton) [626977]\n- [misc] pm: add comment explaining is_registered kabi work-around (Don Zickus) [637930]\n- [misc] sunrpc: only call get_seconds once in sunrpc_invalidate (David Howells) [589512]\n[2.6.18-254.el5]\n- [scsi] mpt2sas: Added customer specific display support (Tomas Henzl) [684842]\n- [scsi] mpt2sas: Add support for WarpDrive SSS-6200 (Tomas Henzl) [683806]\n- [scsi] megaraid: update driver to v5.34 (Tomas Henzl) [660728]\n- [scsi] arcmsr: driver update for RHEL5.7 (Tomas Henzl) [635992]\n- [scsi] scsi_dh_alua: add scalable ONTAP lun to dev list (Mike Snitzer) [667660]\n- [pci] Enable pci=bfsort by default on future Dell systems (Shyam Iyer) [689047]\n- [net] enic: update driver to 2.1.1.9 (Stefan Assmann) [661306]\n- [scsi] bfa: rebase for RHEL5.7 to current scsi-misc version (Rob Evers) [660545]\n- [pci] Enable PCI bus rescan for PPC64 only (Prarit Bhargava) [683461]\n- [net] enable VLAN SG on additional drivers (Paolo Bonzini) [668934]\n- [net] add ethtool -k sg off support for vlans (Paolo Bonzini) [668934]\n- [net] explicitly enable VLAN SG when already in use (Paolo Bonzini) [668934]\n- [net] enable SG on vlan devices if supported on the NIC (Paolo Bonzini) [668934]\n- [net] fix NETIF_F_GSO_MASK to exclude VLAN features (Paolo Bonzini) [668934]\n- [ata] ata_piix: honor ide=disable (Paolo Bonzini) [460821]\n- [scsi] be2iscsi: update driver version string (Mike Christie) [691899]\n- [scsi] be2iscsi: fix null ptr when accessing task hdr (Mike Christie) [660392]\n- [scsi] be2iscsi: fix gfp use in alloc_pdu (Mike Christie) [660392]\n- [scsi] be2iscsi: allow more time for FW to respond (Mike Christie) [660392]\n- [net] ixgbe: restore erratum 45 fix and whitespace (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [usb] ehci: AMD periodic frame list table quirk (Don Zickus) [651333]\n- [scsi] qla2xxx: Upgrade 24xx and 25xx firmware to 5.03.16 (Chad Dupuis) [682305]\n- [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [589512]\n- [net] sunrpc: ensure cache_check caller sees updated entry (J. Bruce Fields) [589512]\n- [net] sunrpc: take lock on turning entry NEGATIVE in cache_check (J. Bruce Fields) [589512]\n- [net] sunrpc: move cache validity check into helper function (J. Bruce Fields) [589512]\n- [net] sunrpc: modifying valid sunrpc cache entries is racy (J. Bruce Fields) [589512]\n- [fs] nfs: extract some common sunrpc_cache code from nfsd (J. Bruce Fields) [589512]\n- [pci] return correct value when writing to reset attribute (Alex Williamson) [689860]\n- [pci] expose function reset capability in sysfs (Alex Williamson) [689860]\n[2.6.18-253.el5]\n- [media] sn9c102: fix world-wirtable sysfs files (Don Howard) [679305]\n- [scsi] scsi_dh_rdac: Add two new IBM devices to rdac_dev_list (Rob Evers) [691460]\n- [misc] support for marking code as tech preview (Don Zickus) [645431]\n- [misc] taint: Add taint padding (Don Zickus) [645431]\n- [scsi] lpfc: Update version for 8.2.0.96 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.95 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix rrq cleanup for vport delete (Rob Evers) [660396]\n- [scsi] lpfc: dont ignore lpfc_suppress_link_up on SLI-4 (Rob Evers) [660396]\n- [scsi] lpfc: LOGO completion must invalidate both RPI and D_ID (Rob Evers) [660396]\n- [scsi] lpfc: adds a comment (Rob Evers) [660396]\n- [scsi] lpfc: Do not take lock when clearing rrq active (Rob Evers) [660396]\n- [scsi] lpfc: Fix non-empty nodelist after sli3 driver remove (Rob Evers) [660396]\n- [scsi] lpfc: Save IRQ level when taking host_lock in findnode_did (Rob Evers) [660396]\n- [scsi] lpfc: Fixed hang in lpfc_get_scsi_buf_s4 (Rob Evers) [660396]\n- [scsi] lpfc: Fix xri lookup for received rrq (Rob Evers) [660396]\n- [scsi] lpfc: Fix setting of RRQ active for target aborted IOs (Rob Evers) [660396]\n- [scsi] lpfc: Modified lpfc_delay_discovery implementation (Rob Evers) [660396]\n- [scsi] lpfc: Fix bug with fc_vport symbolic_name not being generated (Rob Evers) [660396]\n- [scsi] lpfc: Update lpfc for 8.2.0.94 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fixed fdisc sent with invalid VPI (Rob Evers) [660396]\n- [scsi] lpfc: warn if the link_speed is not supported by this adapter (Rob Evers) [660396]\n- [scsi] lpfc: Fixed UE error on UCNA BE2 hba during reboot (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.93 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Added support for clean address bit (Rob Evers) [660396]\n- [scsi] lpfc: Fixed XRI reuse issue (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.92 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Unreg login when PLOGI received from logged in port (Rob Evers) [660396]\n- [scsi] lpfc: Fixed crashes for NULL vport dereference (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.91 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix for kmalloc failures in lpfc_workq_post_event (Rob Evers) [660396]\n- [scsi] lpfc: Adjust lengths for sli4_config mailbox commands (Rob Evers) [660396]\n- [scsi] lpfc: set parity and serr bits on after performing sli4 reset (Rob Evers) [660396]\n- [scsi] lpfc: VPI for ALL ELS commands and alloc RPIs at node creation (Rob Evers) [660396]\n- [scsi] lpfc: Correct bit-definitions in SLI4 data structures (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.90 driver release (Rob Evers) [660396]\n- [scsi] lpfc: new SLI4 initialization procedures based on if_type (Rob Evers) [660396]\n- [scsi] lpfc: Implement FC and SLI async event handlers (Rob Evers) [660396]\n- [scsi] lpfc: Fix management command context setting (Rob Evers) [660396]\n- [scsi] lpfc: Fix panic in __lpfc_sli_get_sglq (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.89 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix compiler warning (Rob Evers) [660396]\n- [scsi] lpfc: Added support for ELS RRQ command (Rob Evers) [660396]\n- [scsi] lpfc: Init VFI and VPI for physical port (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.88 driver release (Rob Evers) [660396]\n- [scsi] lpfc: add READ_TOPOLOGY mailbox command and new speed definition (Rob Evers) [660396]\n- [scsi] lpfc: Modified return status of unsupport ELS commands (Rob Evers) [660396]\n- [scsi] lpfc: Implement doorbell register changes for new hardware (Rob Evers) [660396]\n- [scsi] lpfc: Implement new SLI 4 SLI_INTF register definitions (Rob Evers) [660396]\n- [scsi] lpfc: Add PCI ID definitions for new hardware support (Rob Evers) [660396]\n- [scsi] lpfc: Add new SLI4 WQE support (Rob Evers) [660396]\n- [net] myri10ge: update to 1.5.2 (Stanislaw Gruszka) [481629]\n- [pci] make pcie_get_readrq visible in pci.h (Stanislaw Gruszka) [481629]\n- [net] igb: AER fix recover from PCIe Uncorrectable Error (Stefan Assmann) [568211]\n- [net] igb: driver update for RHEL5.7 (Stefan Assmann) [653238]\n- [fs] quota: do not allow setting quota limits too high (Eric Sandeen) [594609]\n- [fs] block: fix submit_bh discarding barrier flag on sync write (Lukas Czerner) [667673]\n- [net] netfilter/ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689340]\n- [net] netfilter: ip6_tables: fix infoleak to userspace (Jiri Pirko) [689349] {CVE-2011-1172}\n- [net] netfilter/ip_tables: fix infoleak to userspace (Jiri Pirko) [689332] {CVE-2011-1171}\n- [net] netfilter/arp_tables: fix infoleak to userspace (Jiri Pirko) [689323] {CVE-2011-1170}\n- [sound] alsa: hda driver update for RHEL5.7 (Jaroslav Kysela) [688539]\n- [sound] alsa: add snd-aloop driver (Jaroslav Kysela) [647094]\n- [mmc] sdhci: Add support for O2Micro Card Reader (John Feeney) [659318]\n- [base] Fix potential deadlock in driver core (Don Zickus) [637930]\n- Revert: [crypto] add XTS blockcipher mode support (Jarod Wilson) [553411]\n[2.6.18-252.el5]\n- [scsi] add new Dell Powervault controllers to RDAC device list (Shyam Iyer) [688981]\n- [ata] ahci: AHCI mode for Intel Patsburg SATA RAID controller (David Milburn) [684361]\n- [md] dm-crypt: support more encryption modes (Milan Broz) [660368]\n- [crypto] add XTS blockcipher mode support (Danny Feng) [553411]\n- [virt] hypervisor: Overflow fix for clocks > 4GHz (Zachary Amsden) [673242]\n- [net] tg3: Restrict phy ioctl access (John Feeney) [660397]\n- [net] tg3: Update version to 3.116 (John Feeney) [660397]\n- [net] tg3: Minor EEE code tweaks (John Feeney) [660397]\n- [net] tg3: Relax EEE thresholds (John Feeney) [660397]\n- [net] tg3: Fix 57765 EEE support (John Feeney) [660397]\n- [net] tg3: Move EEE definitions into mdio.h (John Feeney) [660397]\n- [net] tg3: Enable phy APD for 5717 and later asic revs (John Feeney) [660397]\n- [net] tg3: use dma_alloc_coherent() instead of pci_alloc_consistent() (John Feeney) [660397]\n- [net] tg3: Reenable TSS for 5719 (John Feeney) [660397]\n- [net] tg3: Enable mult rd DMA engine on 5719 (John Feeney) [660397]\n- [net] tg3: Always turn on APE features in mac_mode reg (John Feeney) [660397]\n- [net] tg3: Dont check for vlan group before vlan_tx_tag_present (John Feeney) [660397]\n- [net] tg3: Update version to 3.115 (John Feeney) [660397]\n- [net] tg3: Report invalid link from tg3_get_settings() (John Feeney) [660397]\n- [net] tg3: Dont allocate jumbo ring for 5780 class devs (John Feeney) [660397]\n- [net] tg3: Cleanup tg3_alloc_rx_skb() (John Feeney) [660397]\n- [net] tg3: Add EEE support (John Feeney) [660397]\n- [net] tg3: Add clause 45 register accessor methods (John Feeney) [660397]\n- [net] tg3: Disable unused transmit rings (John Feeney) [660397]\n- [net] tg3: Add support for selfboot format 1 v6 (John Feeney) [660397]\n- [net] tg3: Update version to 3.114 (John Feeney) [660397]\n- [net] tg3: Add extend rx ring sizes for 5717 and 5719 (John Feeney) [660397]\n- [net] tg3: Prepare for larger rx ring sizes (John Feeney) [660397]\n- [net] tg3: Futureproof the loopback test (John Feeney) [660397]\n- [net] tg3: Cleanup missing VPD partno section (John Feeney) [660397]\n- [net] tg3: Remove 5724 device ID (John Feeney) [660397]\n- [net] tg3: return operator cleanup (John Feeney) [660397]\n- [net] tg3: phy tmp variable roundup (John Feeney) [660397]\n- [net] tg3: Dynamically allocate VPD data memory (John Feeney) [660397]\n- [net] tg3: Use skb_is_gso_v6() (John Feeney) [660397]\n- [net] tg3: Move producer ring struct to tg3_napi (John Feeney) [660397]\n- [net] tg3: Clarify semantics of TG3_IRQ_MAX_VECS (John Feeney) [660397]\n- [net] tg3: Disable TSS (John Feeney) [660397]\n- [net] tg3: Update version to 3.113 (John Feeney) [660397]\n- [net] tg3: Migrate tg3_flags to phy_flags (John Feeney) [660397]\n- [net] tg3: Create phy_flags and migrate phy_is_low_power (John Feeney) [660397]\n- [net] tg3: Add phy-related preprocessor constants (John Feeney) [660397]\n- [net] tg3: Add error reporting to tg3_phydsp_write() (John Feeney) [660397]\n- [net] tg3: Improve small packet performance (John Feeney) [660397]\n- [net] tg3: Remove 5720, 5750, and 5750M (John Feeney) [660397]\n- [net] tg3: Restrict ASPM workaround devlist (John Feeney) [660397]\n- [net] tg3: Manage gphy power for CPMU-less devs only (John Feeney) [660397]\n- [net] tg3: Disable TSS also during tg3_close() (John Feeney) [660397]\n- [net] tg3: Add 5784 ASIC rev to earlier PCIe MPS fix (John Feeney) [660397]\n- [net] tg3: Update version to 3.112 (John Feeney) [660397]\n- [net] tg3: Fix some checkpatch errors (John Feeney) [660397]\n- [net] tg3: Revert PCIe tx glitch fix (John Feeney) [660397]\n- [net] tg3: Report driver version to firmware (John Feeney) [660397]\n- [net] tg3: Relax 5717 serdes restriction (John Feeney) [660397]\n- [net] tg3: Fix single MSI-X vector coalescing (John Feeney) [660397]\n- [net] tg3: Update version to 3.111 (John Feeney) [660397]\n- [net] tg3: Allow 5717 serdes link via parallel detect (John Feeney) [660397]\n- [net] tg3: Allow single MSI-X vector allocations (John Feeney) [660397]\n- [net] tg3: Update version to 3.110 (John Feeney) [660397]\n- [net] tg3: Remove function errors flagged by checkpatch (John Feeney) [660397]\n- [net] tg3: Unify max pkt size preprocessor constants (John Feeney) [660397]\n- [net] tg3: Re-inline VLAN tags when appropriate (John Feeney) [660397]\n- [net] tg3: Optimize rx double copy test (John Feeney) [660397]\n- [net] tg3: Update version to 3.109 (John Feeney) [660397]\n- [net] tg3: Remove tg3_dump_state() (John Feeney) [660397]\n- [net] tg3: Cleanup if codestyle (John Feeney) [660397]\n- [net] tg3: The case of switches (John Feeney) [660397]\n- [net] tg3: Whitespace, constant, and comment updates (John Feeney) [660397]\n- [net] tg3: Use VPD fw version when present (John Feeney) [660397]\n- [net] tg3: Prepare FW version code for VPD versioning (John Feeney) [660397]\n- [net] tg3: Fix message 80 char violations (John Feeney) [660397]\n- [net] tg3: netdev_err() => dev_err() (John Feeney) [660397]\n- [net] tg3: Replace pr_err with sensible alternatives (John Feeney) [660397]\n- [net] tg3: change field used with TG3_FLAG_10_100_ONLY constant (John Feeney) [660397]\n- [net] tg3: Remove now useless VPD code (John Feeney) [660397]\n- [net] tg3: use helper to search for VPD keywords (John Feeney) [660397]\n- [net] tg3: use VPD information field helper functions (John Feeney) [660397]\n- [net] tg3: use helper to find VPD resource data type (John Feeney) [660397]\n- [net] tg3: Add large and small resource data type code (John Feeney) [660397]\n- [net] tg3: Add PCI LRDT tag size and section size (John Feeney) [660397]\n- [net] tg3: convert to use netdev_for_each_mc_addr, part6 (John Feeney) [660397]\nmacro helpers (John Feeney) [660397]\n- [net] bna: Include embedded firmware for RHEL5 (Ivan Vecera) [475690]\n- [net] bna: use device model DMA API (Ivan Vecera) [475690]\n- [net] bna: Remove unnecessary memset 0 (Ivan Vecera) [475690]\n- [net] bna: Update the driver version to 2.3.2.3 (Ivan Vecera) [475690]\n- [net] bna: IOC failure auto recovery fix (Ivan Vecera) [475690]\n- [net] bna: Restore VLAN filter table (Ivan Vecera) [475690]\n- [net] bna: Removed unused code (Ivan Vecera) [475690]\n- [net] bna: IOC uninit check and misc cleanup (Ivan Vecera) [475690]\n- [net] bna: Fix for TX queue (Ivan Vecera) [475690]\n- [net] bna: Enable pure priority tagged packet reception and rxf uninit cleanup fix (Ivan Vecera) [475690]\n- [net] bna: Fix ethtool register dump and reordered an API (Ivan Vecera) [475690]\n- [net] bna: Port enable disable sync and txq priority fix (Ivan Vecera) [475690]\n- [net] bna: TxRx and datapath fix (Ivan Vecera) [475690]\n- [net] bna: scope and dead code cleanup (Ivan Vecera) [475690]\n- [net] bna: fix interrupt handling (Ivan Vecera) [475690]\n- [net] bna: off by one (Ivan Vecera) [475690]\n- [net] bna: Check for NULL before deref in bnad_cb_tx_cleanup (Ivan Vecera) [475690]\n- [net] bna: fix lock imbalance (Ivan Vecera) [475690]\n- [net] bna: fix stats handling (Ivan Vecera) [475690]\n- [net] bna: Fixed build break for allyesconfig (Ivan Vecera) [475690]\n- [net] bna: Brocade 10Gb Ethernet device driver (Ivan Vecera) [475690]\n- [s390] tape: deadlock on global work queue (Hendrik Brueckner) [681329]\n- [s390] qeth: remove needless IPA-commands in offline (Hendrik Brueckner) [679120]\n- [s390] qeth: allow channel path changes in recovery (Hendrik Brueckner) [678073]\n- [s390] qeth: wrong MAC-address displayed in error message (Hendrik Brueckner) [675747]\n- [s390] dasd: Improve handling of stolen DASD reservation (Hendrik Brueckner) [651141]\n- [s390] dasd: provide a Sense Path Group ID ioctl (Hendrik Brueckner) [651135]\n- [s390] qeth: tolerate OLM-limitation (Hendrik Brueckner) [651161]\n- [s390] sclp_vt220: console message may cause deadlock (Hendrik Brueckner) [675751]\n- [s390] uaccess: missing sacf in uaccess error handling (Hendrik Brueckner) [670234]\n- [x86_64] nmi_watchdog: modify default to perf counter 1 (Don Zickus) [633196 659816]\n- [net] qlcnic: Remove validation for max tx and max rx queues (Chad Dupuis) [660390]\n- [net] qlcnic: fix checks for auto_fw_reset (Chad Dupuis) [660390]\n- [net] qlcnic: change module parameter permissions (Chad Dupuis) [660390]\n- [net] qlcnic: fix ethtool diagnostics test (Chad Dupuis) [660390]\n- [net] qlcnic: fix flash fw version read (Chad Dupuis) [660390]\n- [net] qlcnic: Use static const (Chad Dupuis) [660390]\n- [net] qlcnic: reset pci function unconditionally during probe (Chad Dupuis) [660390]\n- [net] qlcnic: fix ocm window register offset calculation (Chad Dupuis) [660390]\n- [net] qlcnic: fix LED test when interface is down. (Chad Dupuis) [660390]\n- [net] qlcnic: Updated driver version to 5.0.13 (Chad Dupuis) [660390]\n- [net] qlcnic: LICENSE file for qlcnic (Chad Dupuis) [660390]\n- [net] qlcnic: validate eswitch config values for PF (Chad Dupuis) [660390]\n- [net] qlcnic: Disable loopback support (Chad Dupuis) [660390]\n- [net] qlcnic: Bumped up driver version to 5.0.12 (Chad Dupuis) [660390]\n- [net] qlcnic: lro module parameter (Chad Dupuis) [660390]\n- [net] qlcnic: Fix driver hang while using qcc application (Chad Dupuis) [660390]\n- [net] qlcnic: lro off message log from set rx checsum (Chad Dupuis) [660390]\n- [net] qlcnic: Add description for CN1000Q adapter (Chad Dupuis) [660390]\n- [net] qlcnic: Allow minimum bandwidth of zero (Chad Dupuis) [660390]\n- [net] qlcnic: fix panic on load (Chad Dupuis) [660390]\n- [net] qlcnic: define valid vlan id range (Chad Dupuis) [660390]\n- [net] qlcnic: reduce rx ring size (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac learning (Chad Dupuis) [660390]\n- [net] qlcnic: update ethtool stats (Chad Dupuis) [660390]\n- [net] qlcnic: update driver version 5.0.11 (Chad Dupuis) [660390]\n- [net] qlcnic: change all P3 references to P3P (Chad Dupuis) [660390]\n- [net] qlcnic: fix promiscous mode for VF (Chad Dupuis) [660390]\n- [net] qlcnic: fix board description (Chad Dupuis) [660390]\n- [net] qlcnic: remove private LRO flag (Chad Dupuis) [660390]\n- [net] qlcnic: support quiescent mode (Chad Dupuis) [660390]\n- [net] qlcnic: remove dead code (Chad Dupuis) [660390]\n- [net] qlcnic: set mtu lower limit (Chad Dupuis) [660390]\n- [net] qlcnic: cleanup port mode setting (Chad Dupuis) [660390]\n- [net] qlcnic: sparse warning fixes (Chad Dupuis) [660390]\n- [net] qlcnic: fix vlan TSO on big endian machine (Chad Dupuis) [660390]\n- [net] qlcnic: fix endianess for lro (Chad Dupuis) [660390]\n- [net] qlcnic: fix diag register (Chad Dupuis) [660390]\n- [net] qlcnic: fix eswitch stats (Chad Dupuis) [660390]\n- [net] qlcnic: fix internal loopback test (Chad Dupuis) [660390]\n- [net] qlcnic: return operator cleanup (Chad Dupuis) [660390]\n- [net] qlcnic: dont set skb->truesize (Chad Dupuis) [660390]\n- [net] qlcnic: dont assume NET_IP_ALIGN is 2 (Chad Dupuis) [660390]\n- [net] qlcnic: update version 5.0.10 (Chad Dupuis) [660390]\n- [net] qlcnic: remove fw version check (Chad Dupuis) [660390]\n- [net] qlcnic: vlan lro support (Chad Dupuis) [660390]\n- [net] qlcnic: vlan gro support (Chad Dupuis) [660390]\n- [net] qlcnic: support vlan rx accleration (Chad Dupuis) [660390]\n- [net] qlcnic: add cksum flag (Chad Dupuis) [660390]\n- [net] qlcnic: mac vlan learning support (Chad Dupuis) [660390]\n- [net] qlcnic: support mac learning (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac override capability (Chad Dupuis) [660390]\n- [net] qlcnic: fix panic while using eth_hdr (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac anti spoof policy (Chad Dupuis) [660390]\n- [net] qlcnic: fix for setting default eswitch config (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac addr read (Chad Dupuis) [660390]\n- [net] qlcnic: add api version in reg dump (Chad Dupuis) [660390]\n- [net] qlcnic: backout firmware initialization update (Chad Dupuis) [660390]\n- [net] qlnic: fix a race in qlcnic_get_stats (Chad Dupuis) [660390]\n- [net] qlcnic: PCI ID addition (Chad Dupuis) [660390]\n- [net] qlcnic: Fix driver load issue in FW hang (Chad Dupuis) [660390]\n- [net] qlcnic: change reg name (Chad Dupuis) [660390]\n- [net] qlcnic: fix fw recovery for PF (Chad Dupuis) [660390]\n- [net] qlcnic: support port vlan id (Chad Dupuis) [660390]\n- [net] qlcnic: eswitch config fixes (Chad Dupuis) [660390]\n- [net] qlcnic: update version 5.0.8 (Chad Dupuis) [660390]\n- [net] qlcnic: rom lock recovery (Chad Dupuis) [660390]\n- [net] qlcnic: firmware initialization update (Chad Dupuis) [660390]\n- [net] qlcnic: fix endiness in eswitch statistics (Chad Dupuis) [660390]\n- [net] qlcnic: mark device state as failed (Chad Dupuis) [660390]\n- [net] qlcnic: fix npar state (Chad Dupuis) [660390]\n- [net] qlcnic: support anti mac spoofing (Chad Dupuis) [660390]\n- [net] qlcnic: configure offload setting on eswitch (Chad Dupuis) [660390]\n- [net] qlcnic: configure port on eswitch (Chad Dupuis) [660390]\n- [net] qlcnic: replace magic numbers with defines (Chad Dupuis) [660390]\n- [net] qlcnic: remove unused code (Chad Dupuis) [660390]\n- [net] qlcnic: fix inconsistent lock state (Chad Dupuis) [660390]\n- [net] qlcnic: Use available error codes (Chad Dupuis) [660390]\n- [net] qlcnic: turn off lro when rxcsum is disabled (Chad Dupuis) [660390]\n- [net] qlcnic: fix link diag test (Chad Dupuis) [660390]\n- [net] qlcnic: fix link status message (Chad Dupuis) [660390]\n- [net] qlcnic: add eswitch statistics support (Chad Dupuis) [660390]\n- [net] qlcnic: fix for setting function modes (Chad Dupuis) [660390]\n- [net] qlcnic: device state management fixes for virtual func (Chad Dupuis) [660390]\n- [net] qlcnic: fix aer for virtual func (Chad Dupuis) [660390]\n- [net] qlcnic: using too much stack (Chad Dupuis) [660390]\n- [net] qlcnic: clean up qlcnic_init_pci_info (Chad Dupuis) [660390]\n- [net] qlcnic: fix copyright for pci searching function (Chad Dupuis) [660390]\n- [net] netxen: support for GbE port settings (Chad Dupuis) [660437]\n- [net] netxen: Notify firmware of Flex-10 interface down (Chad Dupuis) [660437]\n- [net] netxen: update driver version 4.0.75 (Chad Dupuis) [660437]\n- [net] netxen: enable LRO based on NETIF_F_LRO (Chad Dupuis) [660437]\n- [net] netxen: update module description (Chad Dupuis) [660437]\n- [net] netxen: Use static const (Chad Dupuis) [660437]\n- [net] netxen: remove unused firmware exports (Chad Dupuis) [660437]\n- [net] netxen: Fix tx queue manipulation bug in netxen_nic_probe (Chad Dupuis) [660437]\n- [net] netxen: make local function static (Chad Dupuis) [660437]\n- [net] netxen: mask correctable error (Chad Dupuis) [660437]\n- [net] netxen: fix race in tx stop queue (Chad Dupuis) [660437]\n- [net] netxen: return operator cleanup (Chad Dupuis) [660437]\n- [net] netxen: dont set skb->truesize (Chad Dupuis) [660437]\n[2.6.18-251.el5]\n- [net] benet: Bump up the version number (Ivan Vecera) [660389]\n- [net] benet: Copyright notice change. Update to Emulex instead of ServerEngines (Ivan Vecera) [660389]\n- [net] benet: Fix UDP packet detected status in RX compl (Ivan Vecera) [660389]\n- [net] benet: changes for BE3 native mode support (Ivan Vecera) [660389]\n- [net] benet: Add multicast filter capability for Lancer (Ivan Vecera) [660389]\n- [net] benet: Disarm CQ and EQ to disable interrupt in Lancer (Ivan Vecera) [660389]\n- [net] benet: Remove TX Queue stop in close (Ivan Vecera) [660389]\n- [net] benet: Change f/w command versions for Lancer (Ivan Vecera) [660389]\n- [net] benet: Add error recovery during load for Lancer (Ivan Vecera) [660389]\n- [net] benet: Checksum field valid only for TCP/UDP (Ivan Vecera) [660389]\n- [net] benet: Remove ERR compl workaround for Lancer (Ivan Vecera) [660389]\n- [net] benet: use GFP_KERNEL allocations when possible (Ivan Vecera) [660389]\n- [net] benet: use hba_port_num instead of port_num (Ivan Vecera) [660389]\n- [net] benet: add code to display temperature of ASIC (Ivan Vecera) [660389]\n- [net] benet: fix to ignore transparent vlan ids wrongly indicated by NIC (Ivan Vecera) [660389]\n- [net] benet: variable name change (Ivan Vecera) [660389]\n- [net] benet: fixes in ethtool selftest (Ivan Vecera) [660389]\n- [net] benet: add new counters to display via ethtool stats (Ivan Vecera) [660389]\n- [net] benet: restrict WOL to PFs only. (Ivan Vecera) [660389]\n- [net] benet: detect a UE even when a interface is down. (Ivan Vecera) [660389]\n- [net] benet: gracefully handle situations when UE is detected (Ivan Vecera) [660389]\n- [net] benet: fix be_suspend/resume/shutdown (Ivan Vecera) [660389]\n- [net] benet: pass proper hdr_size while flashing redboot. (Ivan Vecera) [660389]\n- [net] benet: Fix broken priority setting when vlan tagging is enabled. (Ivan Vecera) [660389]\n- [net] benet: Allow VFs to call be_cmd_reset_function. (Ivan Vecera) [660389]\n- [net] benet: pass domain numbers for pmac_add/del functions (Ivan Vecera) [660389]\n- [net] benet: For the VF MAC, use the OUI from current MAC address (Ivan Vecera) [660389]\n- [net] benet: Cleanup the VF interface handles (Ivan Vecera) [660389]\n- [net] benet: call be_vf_eth_addr_config() after register_netdev (Ivan Vecera) [660389]\n- [net] benet: Initialize and cleanup sriov resources only if pci_enable_sriov has succeeded. (Ivan Vecera) [660389]\n- [net] benet: Use domain id when be_cmd_if_destroy is called. (Ivan Vecera) [660389]\n- [net] benet: Avoid null deref in be_cmd_get_seeprom_data (Ivan Vecera) [660389]\n- [net] benet: use device model DMA API (Ivan Vecera) [660389]\n- [net] benet: remove netif_stop_queue being called before register_netdev. (Ivan Vecera) [660389]\n- [net] benet: fix a crash seen during insmod/rmmod test (Ivan Vecera) [660389]\n- [net] benet: Use static const (Ivan Vecera) [660389]\n- [net] benet: use mutex instead of spin lock for mbox_lock (Ivan Vecera) [660389]\n- [net] benet: Handle out of buffer completions for lancer (Ivan Vecera) [660389]\n- [net] benet: FW init cmd fix for lancer (Ivan Vecera) [660389]\n- [net] benet: Fix be_dev_family_check() return value check (Ivan Vecera) [660389]\n- [net] benet: Fix too optimistic NETIF_F_HW_CSUM features (Ivan Vecera) [660389]\n- [net] benet: adding support for Lancer family of CNAs (Ivan Vecera) [660389]\n- [net] benet: remove dead code (Ivan Vecera) [660389]\n- [net] benet: Changes to use only priority codes allowed by f/w (Ivan Vecera) [660389]\n- [net] benet: add multiple RX queue support (Ivan Vecera) [660389]\n- [net] benet: fix tx completion polling (Ivan Vecera) [660389]\n- [net] benet: use Rx and Tx queues like upstream (Ivan Vecera) [660389]\n- [net] benet: return operator cleanup (Ivan Vecera) [660389]\n- [net] benet: fix a bug in UE detection logic (Ivan Vecera) [660389]\n- [net] benet: fix net-snmp error because of wrong packet stats (Ivan Vecera) [660389]\n- [net] benet: stats for packets received due to internal switching in ASIC. (Ivan Vecera) [660389]\n- [net] benet: fix to avoid sending get_stats request if one is already being processed. (Ivan Vecera) [660389]\n- [net] benet: change to show correct physical link status (Ivan Vecera) [660389]\n- [net] benet: add code to dump registers for debug (Ivan Vecera) [660389]\n- [net] benet: bump the driver version number (Ivan Vecera) [660389]\n- [net] benet: variable name changes (Ivan Vecera) [660389]\n- [net] benet: supress printing error when mac query fails for VF (Ivan Vecera) [660389]\n- [net] benet: Patch to determine if function is VF while running in guest OS. (Ivan Vecera) [660389]\n- [net] benet: enable ipv6 tso support (Ivan Vecera) [660389]\n- [net] benet: fix typos concerning management (Ivan Vecera) [660389]\n- [net] benet: Remove unnecessary returns from void functions (Ivan Vecera) [660389]\n- [net] benet: use skb_headlen() (Ivan Vecera) [660389]\n- [net] benet: clarify promiscuous cmd with a comment (Ivan Vecera) [660389]\n- [net] benet: Fix compile warnnings in drivers/net/benet/be_ethtool.c (Ivan Vecera) [660389]\n- [net] ixgbe: update to upstream version 3.2.9-k2 (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [misc] vlan: Add function to get EtherType from vlan packets (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [net] support for NETIF_F_HIGHDMA on vlan interfaces (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [scsi] bnx2i: Updated to version 2.6.2.3 (Mike Christie) [660406]\n- [scsi] bnx2i: Updated version to 2.6.2.2 (Mike Christie) [660406]\n- [scsi] bnx2i: Added iSCSI text pdu support for iSCSI offload (Mike Christie) [660406]\n- [scsi] bnx2i: Added jumbo MTU support for the no shost case (Mike Christie) [660406]\n- [scsi] bnx2i: Added support for the 57712(E) devices (Mike Christie) [660406]\n- [scsi] bnx2i: Added handling for unsupported iSCSI offload hba (Mike Christie) [660406]\n- [scsi] bnx2i: Fixed the 32-bit swapping of the LUN field for nopouts for 5771X (Mike Christie) [660406]\n- [scsi] bnx2i: Allow ep CONNECT_FAILED condition to go through proper cleanup (Mike Christie) [660406]\n- [scsi] bnx2i: Added reconnect fix connecting against Lefthand targets (Mike Christie) [660406]\n- [scsi] bnx2i: Cleaned up various error conditions in ep_connect/disconnect (Mike Christie) [660406]\n- [scsi] bnx2i: Added return code check for chip kwqe submission request (Mike Christie) [660406]\n- [scsi] bnx2i: Modified the bnx2i stop path to compensate for in progress ops (Mike Christie) [660406]\n- [scsi] bnx2i: Removed the dynamic registration of CNIC (Mike Christie) [660406]\n- [scsi] bnx2i: Added mutex lock protection to conn_get_param (Mike Christie) [660406]\n- [net] cnic: Fix lost interrupt on bnx2x (Mike Christie) [660430]\n- [net] cnic: Prevent status block race conditions with hardware (Mike Christie) [660430]\n- [net] bnx2x, cnic: Consolidate iSCSI/FCoE shared mem logic in bnx2x (Mike Christie) [660430]\n- [net] cnic: Fix the type field in SPQ messages (Mike Christie) [660430]\n- [net] cnic: Do not call bnx2i when bnx2i is calling cnic_unregister_driver() (Mike Christie) [660430]\n- [net] cnic: Do not allow iSCSI and FCoE on bnx2x multi-function mode (Mike Christie) [660430]\n- [net] cnic: fix mem leak on alloc fail in cnic_alloc_uio_rings (Mike Christie) [660430]\n- [net] cnic: Add FCoE support on 57712 (Mike Christie) [660430]\n- [net] cnic: Add kcq2 support on 57712 (Mike Christie) [660430]\n- [net] cnic: Call cm_connect_complete() immediately on error (Mike Christie) [660430]\n- [net] cnic: Check device state before reading the kcq pointer in IRQ (Mike Christie) [660430]\n- [net] cnic: Support NIC Partition mode (Mike Christie) [660430]\n- [net] cnic: Use proper client and connection IDs on iSCSI ring (Mike Christie) [660430]\n- [net] cnic: Improve ->iscsi_nl_msg_send() (Mike Christie) [660430]\n- [net] cnic: Prevent 'scheduling while atomic' when calling ->cnic_init() (Mike Christie) [660430]\n- [net] cnic: Fix iSCSI TCP port endian order. (Mike Christie) [660430]\n- [net] cnic: Remove unnecessary semicolons (Mike Christie) [660430]\n- [net] cnic: Add support for 57712 device (Mike Christie) [660430]\n- [net] cnic: Decouple uio close from cnic shutdown (Mike Christie) [660430]\n- [net] cnic: Add cnic_uio_dev struct (Mike Christie) [660430]\n- [net] cnic: Add cnic_free_uio() (Mike Christie) [660430]\n- [net] cnic: Defer iscsi connection cleanup (Mike Christie) [660430]\n- [net] cnic: Add cnic_bnx2x_destroy_ramrod() (Mike Christie) [660430]\n- [net] cnic: Convert ctx_flags to bit fields (Mike Christie) [660430]\n- [net] cnic: Add common cnic_request_irq() (Mike Christie) [660430]\n- [net] bnx2x, cnic: Fix SPQ return credit (Mike Christie) [660430]\n- [char] Enable and extend Legacy PTY support for 4096 device pairs (Mauro Carvalho Chehab) [582776]\n- [fs] ioctl: make fiemap map at least a blocksize amount (Josef Bacik) [663041]\n- [net] forcedeth/r8169: call netif_carrier_off at end of probe (Ivan Vecera) [664705 664707]\n- [net] ixgbevf: update to upstream version 2.0.0-k2 (Andy Gospodarek) [653237]\n- [net] e1000e: update to upstream version 1.3.10 (Andy Gospodarek) [653242 653548]\n- [x86] amd: Extend support to future families (Frank Arnold) [682835]\n- [x86] smpboot: Use compute unit info to determine thread siblings (Frank Arnold) [682835]\n- [x86] amd: Extract compute unit information for AMD CPUs (Frank Arnold) [682835]\n- [x86] amd: Add support for CPUID topology extension of AMD CPUs (Frank Arnold) [682835]\n- [x86] cpufeature: Update AMD CPUID feature bits (Frank Arnold) [682835]\n- [x86_64] Support NMI watchdog on newer AMD CPU families (Frank Arnold) [682835]\n- [net] ixgbe: fix for 82599 erratum on Header Splitting (Andy Gospodarek) [680531]\n- [net] ixgbe: limit VF access to network traffic (Andy Gospodarek) [680531]\n- [net] igbvf driver update for RHEL5.7 (Stefan Assmann) [653241]\n- [fs] ext3: Always set dx_nodes fake_dirent explicitly (Eric Sandeen) [662838]\n- [virt] xen/netback: signal front-end close event via udev (Paolo Bonzini) [661985]\n- [net] bnx2x: fix swap of rx-ticks and tx-ticks parameters in interrupt coalescing flow (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix MaxBW configuration (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: (NPAR) prevent HW access in D3 state (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix link notification (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix non-pmf device load flow (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update driver version to 1.62.00-6 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly calculate lro_mss (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: perform statistics 'action' before state transition. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly configure coefficients for MinBW algorithm (NPAR mode). (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix ethtool -t link test for MF (non-pmf) devices. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix nvram test for single port devices. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: (NPAR mode) Fix FW initialization (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add a missing bit for PXP parity register of 57712. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Duplication in promisc mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: multicasts in NPAR mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.62.00-5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link loss in multi-function mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix port swap for BCM8073 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix LED blink rate on BCM84823 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove setting XAUI low-power for BCM8073 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.62.00-4 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix AER setting for BCM57712 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix BCM84823 LED behavior (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Mark full duplex on some external PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix BCM8073/BCM8727 microcode loading (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: LED fix for BCM8727 over BCM57712 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Common init will be executed only once after POR (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Swap BCM8073 PHY polarity if required (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix typos (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix the race on bp->stats_pending. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Move to D0 before clearing MSI/MSI-X configuration. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: registers dump fixes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Dont prevent RSS configuration in INT#x and MSI interrupt modes. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: adding dcbnl support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use static const (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove bogus check (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.62.00-2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update firmware to 6.2.5.0 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: bnx2x_request_firmware update for 6.2.5.0 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: replace FW to 6.2.5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add DCB/PFC support - link layer (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: add DCB support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Disable FCoE ring, NETDEV_HW_ADDR_T_SAN for RHEL5.7. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: add FCoE ring (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version number and a date. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fixed a compilation warning (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use dma_alloc_coherent() semantics for ILT memory allocation (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: LSO code was broken on BE platforms (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add Nic partitioning mode (57712 devices) (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use helpers instead of direct access to the shinfo(skb) fields (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Do interrupt mode initialization and NAPIs adding before register_netdev() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Disable local BHes to prevent a dead-lock situation (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix error value sign (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove unnecessary semicolons (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Reset 8073 phy during common init (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Do not enable CL37 BAM unless it is explicitly enabled (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix resetting BCM8726 PHY during common init (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Clear latch indication on link reset (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix port selection in case of E2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix waiting for reset complete on BCM848x3 PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Restore appropriate delay during BMAC reset (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: make local function static and remove dead code (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove BCM_VLAN (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Dont check for vlan group before vlan_tx_tag_present. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-3 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: prevent false parity error in MSI-X memory of HC block (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix possible deadlock in HC hw block (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unnecessary FUNC_FLG_RSS flag and related (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use correct FW constant for header padding (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: do not deal with power if no capability (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove redundant commands during error handling (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Optimized the branching in the bnx2x_rx_int() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fixing a typo: added a missing RSS enablement (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-1 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly initialize FW stats (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: code beautify (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix SPQ return credit (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: move msix table initialization to probe() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use L1_CACHE_BYTES instead of magic number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unused fields in main driver structure (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unused parameter in reuse_rx_skb() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add 57712 support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: change type of spq_left to atomic (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Protect statistics ramrod and sequence number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: rename MF related fields (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: firmware naming from upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: whitespaces like in upstream, remove some #if0 lines (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use netdev_for_each_mc_addr (Michal Schmidt) [629609 651546 653357 656360]\n- [misc] netdevice.h: add netdev_mc_count (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use trivial wrappers around get_sset_count (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove a few pointless differences from upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: bnx2x_alloc_napi cleanup, caller more similar to upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove bnx2x_init_values.h (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x, cnic, bnx2i: use new FW/HSI (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Moved enabling of MSI to the bnx2x_set_num_queues() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use netif_set_real_num_{rx, tx}_queues() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: return operator cleanup (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Spread rx buffers between allocated queues (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use ARRAY_SIZE macro in bnx2x_main.c (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.52.53-6 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change LED scheme for dual-media (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add dual-media changes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Organize PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Apply logic changes for the new scheme (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Move common function into aggregated function (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Adjust flow-control with the new scheme (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Adjust alignment of split PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Split PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Unify PHY attributes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: avoid skb->ip_summed initialization (Michal Schmidt) [629609 651546 653357 656360]\n- [net] skbuff: add skb_checksum_none_assert (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version to 1.52.53-5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add BCM84823 to the supported PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change BCM848xx LED configuration (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove unneeded setting of XAUI low power to BCM8727 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change BCM848xx configuration according to IEEE (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Reset link before any new link settings (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link issue In BCM8727 based boards (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link issue of BCM8073/BCM8727 (Michal Schmidt) [629609 651546 653357 656360]\n- Revert: [net] bnx2x: force interrupt mode for iscsi unset mac (Michal Schmidt) [629609 651546 653357 656360]\n- [net] ipv4: make accept_local writeable for loopback (Neil Horman) [672570]\n- [net] bnx2: Update to latest upstream for RHEL5.7 (Neil Horman) [651438 660375]\n- [pci] backport common vpd support functions (Neil Horman) [683978]\n- [net] e1000: fix sparse warning (Dean Nelson) [571889 653248 653546]\n- [net] e1000: add support for Marvell Alaska M88E1118R PHY (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Add support for the CE4100 reference platform (Dean Nelson) [571889 653248 653546]\n- [net] e1000: fix return value not set on error (Dean Nelson) [571889 653248 653546]\n- [net] e1000: fix Tx hangs by disabling 64-bit DMA (Dean Nelson) [571889 653248 653546]\n- [net] e1000: allow option to limit number of descriptors down to 48 per ring (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Use new function for copybreak tests (Dean Nelson) [571889 653248 653546]\n- [net] e1000: do not modify tx_queue_len on link speed change (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Fix DMA mapping error handling on RX (Dean Nelson) [571889 653248 653546]\n- [net] e1000: call pci_save_state after pci_restore_state (Dean Nelson) [571889 653248 653546]\n- [net] e1000: dont use small hardware rx buffers (Dean Nelson) [571889 653248 653546]\n- [fs] gfs2: directly write blocks past i_size (Benjamin Marzinski) [684371]\n- [fs] gfs2: fix block allocation check for fallocate (Benjamin Marzinski) [684024]\n- [redhat] spec: trim srpm size and vastly improve prep time (Jarod Wilson) [687950]\n[2.6.18-250.el5]\n- [block] cciss: use short tags where supported (Tomas Henzl) [656343]\n- [block] cciss: Fix memory leak in cciss_sysfs_stat_inquiry (Tomas Henzl) [656343]\n- [block] cciss: do not reorder commands in internal queue (Tomas Henzl) [656343]\n- [block] cciss: add another controller 0x103C3356 (Tomas Henzl) [656343]\n- [block] cciss: fix panic in cciss_revalidate (Tomas Henzl) [656343]\n- [block] cciss: Do not remove /proc entry if we never created it (Tomas Henzl) [656343]\n- [block] cciss: do not leak stack to userland (Tomas Henzl) [656343]\n- [block] cciss: catch kmalloc failure of h->scatter_list (Tomas Henzl) [656343]\n- [block] cciss: fix missed command status value CMD_UNABORTABLE (Tomas Henzl) [656343]\n- [block] cciss: remove ifdefed out interrupt_not_for_us (Tomas Henzl) [656343]\n- [block] cciss: change printks to dev_warn (Tomas Henzl) [656343]\n- [block] cciss: use consistent variable names (Tomas Henzl) [656343]\n- [block] cciss: mark performant mode function as __devinit (Tomas Henzl) [656343]\n- [block] cciss: cleanup some debug ifdefs (Tomas Henzl) [656343]\n- [block] cciss: fix leak of ioremapped memory in init error path (Tomas Henzl) [656343]\n- [block] cciss: Fix panic in multipath configurations (Tomas Henzl) [656343]\n- [message] mptfusion: version update to 3.04.18rh (Tomas Henzl) [662160]\n- [message] mptfusion: Incorrect return value in mptscsih_dev_reset (Tomas Henzl) [662160]\n- [message] mptfusion: remove bus reset (Tomas Henzl) [662160]\n- [message] mptfusion: 3gbps - 6gbps (Tomas Henzl) [662160]\n- [message] mptfusion: sysfs sas addr handle (Tomas Henzl) [662160]\n- [message] mptfusion: Fix 32 bit platforms with 64 bit resources (Tomas Henzl) [662160]\n- [message] mptfusion: use module_param correctly (Tomas Henzl) [662160]\n- [message] mptfusion: Adjust confusing if indentation (Tomas Henzl) [662160]\n- [message] mptfusion: print Doorbell reg on hard reset and timeout (Tomas Henzl) [662160]\n- [message] mptfusion: Cleanup some duplicate calls in mptbase.c (Tomas Henzl) [662160]\n- [message] mptfusion: Extra DMD error handling debug prints (Tomas Henzl) [662160]\n- [message] mptfusion: block errors if deleting devices or DMD (Tomas Henzl) [662160]\n- [message] mptfusion: add ioc_reset_in_progress reset in SoftReset (Tomas Henzl) [662160]\n- [message] mptfusion: handle SATA hotplug failure (Tomas Henzl) [662160]\n- [message] mptfusion: schedule_target_reset from all Reset context (Tomas Henzl) [662160]\n- [message] mptfusion: sanity check for device before adding to OS (Tomas Henzl) [662160]\n- [message] mptfusion: fix declaration of device_missing_delay (Tomas Henzl) [662160]\n- [message] mptfusion: DID_TRANSPORT_DISRUPTED, not DID_BUS_BUSY (Tomas Henzl) [662160]\n- [message] mptfusion: Set fw_events_off to 1 at driver load time (Tomas Henzl) [662160]\n- [scsi] mpt2sas: version change to 08.101.00.00 (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Call _scsih_ir_shutdown before reporting to OS (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Basic Code Cleanup in mpt2sas_base (Tomas Henzl) [662153]\n- [scsi] mpt2sas: fix access to freed memory from port enable (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Fix race between broadcast asyn event (Tomas Henzl) [662153]\n- [scsi] mpt2sas: support for Customer specific branding messages (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Revision P MPI Header Update (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Correct resizing calculation for max_queue_depth (Tomas Henzl) [662153]\n- [scsi] mpt2sas: device reset event not supported on old firmware (Tomas Henzl) [662153]\n- [scsi] mpt2sas: fix device removal handshake with vacant bit set (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Debug string changes from target to device (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Remove code for TASK_SET_FULL from driver (Tomas Henzl) [662153]\n- [scsi] mpt2sas: MPI2.0 Header updated (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Modify code to support Expander switch (Tomas Henzl) [662153]\n- [scsi] mpt2sas: create pool of chain buffers for IO (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add loadtime params for IOMissingDelay and params (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sanity check for cb_idx and smid access (Tomas Henzl) [662153]\n- [scsi] mpt2sas: remov compiler warnnings when logging is disabled (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Copy message frame before releasing (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Copy sense buffer to work on it (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Add message to error escalation callback (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Add check for responding volumes after Host Reset (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add ENOMEM return type when allocation fails (Tomas Henzl) [662153]\n- [scsi] mpt2sas: device event handling using pd_handles per HBA (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Tie a log info message to a specific PHY (Tomas Henzl) [662153]\n- [scsi] mpt2sas: print level KERN_DEBUG is replaced by KERN_INFO (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sysfs support for tracebuffer (Tomas Henzl) [662153]\n- [scsi] mpt2sas: MPI header version N is updated (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sysfs counter for ioc reset (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add expander phy control support (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add expander phy counter support (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add disable_discovery module parameter (Tomas Henzl) [662153]\n- [scsi] mpt2sas: dont reset when another reset is in progress (Tomas Henzl) [662153]\n- [net] ip_conntrack_ftp: fix tracking of sequence numbers (Thomas Graf) [642388]\n- [fs] gfs2: add missing unlock_page in gfs2_write_begin (Steven Whitehouse) [684795]\n- [powerpc] numa: improved kABI breakage fix in paca struct (Steve Best) [651167]\n- [fs] gfs2: Make delayed workqueues submit immediately if delay 0 (Robert S Peterson) [650494]\n- [fs] gfs2: improve performance with bouncing locks in a cluster (Robert S Peterson) [650494]\n- [net] s2io: rx_ring_sz bounds checking (Michal Schmidt) [491786]\n- [net] s2io: resolve statistics issues (Michal Schmidt) [598650]\n- [scsi] iscsi: use kmap instead of kmap_atomic (Mike Christie) [672115]\n- [block] reduce stack footprint of blk_recount_segments() (Jeff Moyer) [638988]\n- [block] fix nr_phys_segments miscalculation bug (Jeff Moyer) [638988]\n- [block] raid fixups for removal of bi_hw_segments (Jeff Moyer) [638988]\n- [block] drop vmerge accounting (Jeff Moyer) [638988]\n- [block] drop virtual merging accounting (Jeff Moyer) [638988]\n- [block] Introduce rq_for_each_segment replacing rq_for_each_bio (Jeff Moyer) [638988]\n- [block] Merge blk_recount_segments into blk_recalc_rq_segments (Jeff Moyer) [638988]\n- [fs] Fix over-zealous flush_disk changing device size (Jeff Moyer) [678359]\n- [fs] lockd: make lockd_down wait for lockd to come down (Jeff Layton) [653286]\n- [net] sunrpc: Dont disconnect if connection in progress (Jeff Layton) [680329]\n- [fs] fix block based fiemap (Josef Bacik) [675986]\n- [fs] proc: protect mm start_/end_code in /proc/pid/stat (Eugene Teo) [684571] {CVE-2011-0726}\n- [net] dccp: fix oops in dccp_rcv_state_process (Eugene Teo) [682956] {CVE-2011-1093}\n- [scsi] libsas: fix bug for vacant phy (David Milburn) [676423]\n- [scsi] libsas: do not set res = 0 in sas_ex_discover_dev (David Milburn) [676423]\n- [scsi] libsas: fix wide port hotplug issues (David Milburn) [676423]\n- [scsi] libsas: fixup kABI breakage (David Milburn) [676423]\n- [scsi] libsas: no commands to hot-removed devices (David Milburn) [676423]\n- [scsi] libsas: transport-level facility to req SAS addrs (David Milburn) [676423]\n- [scsi] libsas: misc fixes to the eh path (David Milburn) [676423]\n- [scsi] libsas: correctly flush LU queue on error recovery (David Milburn) [676423]\n- [scsi] libsas: fix error handling (David Milburn) [676423]\n- [scsi] libsas: fix sense_buffer overrun (David Milburn) [676423]\n- [scsi] libsas: reuse orig port hotplugging phys wide port (David Milburn) [676423]\n- [scsi] libsas: fix NCQ mixing with non-NCQ (David Milburn) [676423]\n- [scsi] libsas: fix endianness bug in sas_ata (David Milburn) [676423]\n- [scsi] libsas: dont use made up error codes (David Milburn) [676423]\n- [net] bluetooth: fix bnep buffer overflow (Don Howard) [681319] {CVE-2011-1079}\n- [pci] intel-iommu: Fix get_domain_for_dev() error path (Alex Williamson) [688646]\n- [pci] intel-iommu: Unlink domain from iommu (Alex Williamson) [688646]\n- [redhat] spec: assorted cleanup and streamlining\n[2.6.18-249.el5]\n- [md] dm-mpath: avoid storing private suspended state (Mike Snitzer) [678670]\n- [md] dm-mpath: reject messages when device is suspended (Mike Snitzer) [678670]\n- [md] dm: export suspended state to targets (Mike Snitzer) [678670]\n- [md] dm: rename dm_suspended to dm_suspended_md (Mike Snitzer) [678670]\n- [md] dm: swap postsuspend call and setting suspended flag (Mike Snitzer) [678670]\n- [md] dm-ioctl: retrieve status from inactive table (Mike Snitzer) [678670]\n- [md] dm: rename dm_get_table to dm_get_live_table (Mike Snitzer) [678670]\n- [md] dm-stripe: avoid div by 0 with invalid stripe count (Mike Snitzer) [678670]\n- [md] dm-ioctl: forbid messages to devices being deleted (Mike Snitzer) [678670]\n- [md] dm: add dm_deleting_md function (Mike Snitzer) [678670]\n- [md] dm: dec_pending needs locking to save error value (Mike Snitzer) [678670]\n- [md] dm-raid1: keep retrying alloc if mempool_alloc fails (Mike Snitzer) [678670]\n- [md] dm-table: fix upgrade mode race (Mike Snitzer) [678670]\n- [md] dm-io: respect BIO_MAX_PAGES limit (Mike Snitzer) [678670]\n- [md] dm-ioctl: validate name length when renaming (Mike Snitzer) [678670]\n- [md] dm-log: fix dm_io_client leak on error paths (Mike Snitzer) [678670]\n- [md] dm: avoid destroying table in dm_any_congested (Mike Snitzer) [678670]\n- [md] dm-raid1: fix leakage (Mike Snitzer) [678670]\n- [md] dm-mpath: validate hw_handler argument count (Mike Snitzer) [678670]\n- [md] dm-mpath: validate table argument count (Mike Snitzer) [678670]\n- [md] dm-mpath: fix NULL deref when path parameter missing (Mike Snitzer) [673058]\n- [md] dm-mpath: wait for pg_init completion on suspend (Mike Snitzer) [673058]\n- [md] dm-mpath: hold io until all pg_inits completed (Mike Snitzer) [673058]\n- [md] dm-mpath: skip activate_path for failed paths (Mike Snitzer) [673058]\n- [md] dm-mpath: pass struct pgpath to pg init done (Mike Snitzer) [673058]\n- [md] dm-mpath: prevent io from work queue while suspended (Mike Snitzer) [673058]\n- [md] dm-mpath: add mutex to sync adding and flushing work (Mike Snitzer) [673058]\n- [md] dm-mpath: flush workqueues before suspend completes (Mike Snitzer) [673058]\n- [powerpc] numa: Fix kABI breakage in paca struct (Steve Best) [651167]\n- [powerpc] Disable VPHN polling during a suspend operation (Steve Best) [651167]\n- [powerpc] mm: Poll VPA for topo changes, update NUMA maps (Steve Best) [651167]\n- [powerpc] Add VPHN firmware feature (Steve Best) [651167]\nwith external journal (Lukas Czerner) [652321]\n- [fs] nfs: wait for COMMIT RPC complete before task put (Jeff Layton) [441730]\n- [fs] nfs: ->flush and ->fsync should use FLUSH_SYNC (Jeff Layton) [441730]\n- [net] sunrpc: fix race in __rpc_wait_for_completion_task (Jeff Layton) [441730]\n- [fs] nfs: Ensure proper cleanup on rpc_run_task fail (Jeff Layton) [441730]\n- [fs] nfs: clean up the unstable write code (Jeff Layton) [441730]\n- [fs] nfs: Dont use ClearPageUptodate if writeback fails (Jeff Layton) [441730]\n- [fs] nfs: Fix an unstable write data integrity race (Jeff Layton) [441730]\n- [fs] nfs: make sure WRITE and COMMIT are uninterruptible (Jeff Layton) [441730]\n- [fs] nfs: change how FLUSH_STABLE flag is used (Jeff Layton) [441730]\n- [mm] writeback: fix queue handling in blk_congestion_wait (Jeff Layton) [516490]\n- [fs] nfs: clean up nfs congestion control (Jeff Layton) [516490]\n- [block] Add real API for dealing with blk_congestion_wait (Jeff Layton) [516490]\n- [fs] nfs: kswapd must not block in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Prevent another deadlock in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Try commit unstable writes in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Add debugging facility for NFS aops (Jeff Layton) [516490]\n- [fs] nfs: Fix race in nfs_release_page() (Jeff Layton) [516490]\n- [fs] nfs: Fix nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: reduce number of unnecessary commit calls (Jeff Layton) [516490]\n- [fs] nfs: nfs_writepages() cleanup (Jeff Layton) [516490]\n[2.6.18-248.el5]\n- [virt] xen: make more room for event channel IRQs (Paolo Bonzini) [650838]\n- [message] mptfusion: fix msgContext in mptctl_hp_hostinfo (Tomas Henzl) [646513]\n- [net] ipv6: Add GSO support on forwarding path (Thomas Graf) [648572]\n- [net] tc: Ignore noqueue_qdisc default qdisc when dumping (Thomas Graf) [627850]\n- [serial] 8250_pci: add support for PowerPC PLX 8250 (Steve Best) [651431]\n- [scsi] ibmveth: Free irq on error path (Steve Best) [651872]\n- [scsi] ibmveth: Cleanup error handling in ibmveth_open (Steve Best) [651872]\n- [scsi] ibmveth: Remove some unnecessary include files (Steve Best) [651872]\n- [scsi] ibmveth: Convert driver specific assert to BUG_ON (Steve Best) [651872]\n- [scsi] ibmveth: Return -EINVAL on all ->probe errors (Steve Best) [651872]\n- [scsi] ibmveth: Some formatting fixes (Steve Best) [651872]\n- [scsi] ibmveth: Remove redundant function prototypes (Steve Best) [651872]\n- [scsi] ibmveth: Convert to netdev_alloc_skb (Steve Best) [651872]\n- [scsi] ibmveth: Remove dupe checksum offload setup code (Steve Best) [651872]\n- [scsi] ibmveth: Add optional flush of rx buffer (Steve Best) [651872]\n- [scsi] ibmveth: Add scatter-gather support (Steve Best) [651872]\n- [scsi] ibmveth: Add rx_copybreak (Steve Best) [651872]\n- [scsi] ibmveth: Add tx_copybreak (Steve Best) [651872]\n- [scsi] ibmveth: Remove LLTX (Steve Best) [651872]\n- [scsi] ibmveth: batch rx buffer replacement (Steve Best) [651872]\n- [scsi] ibmveth: Remove integer divide caused by modulus (Steve Best) [651872]\n- [fs] gfs2: creating large files suddenly slow to a crawl (Robert S Peterson) [683155]\n- [virt] xen: performance improvement for 32-bit domains (Paolo Bonzini) [390451]\n- [fs] nfs: fix use of slab allocd pages in skb frag list (Neil Horman) [682643] {CVE-2011-1090}\n- [net] af_packet: allow multicast traffic on bond ORIGDEV (Jiri Pirko) [579000]\n- [net] af_packet: option to return orig_dev to userspace (Jiri Pirko) [579000]\n- [fs] nfs: back out the FS-Cache patches (Jeff Layton) [631950]\n- [x86_64]: fix section mismatches in kernel setup (Frank Arnold) [683078]\n- [char] tty_audit: fix live lock on audit disabled (Danny Feng) [679563]\n- [s390] remove task_show_regs (Danny Feng) [677853] {CVE-2011-0710}\n- [scsi] qla2xxx: Query proper reg bits to determine state (Chad Dupuis) [537277]\n- [scsi] qla2xxx: update version to 8.03.07.00.05.07 (Chad Dupuis) [660386]\n- [scsi] qla2xxx: online ISP82XX for commands completion (Chad Dupuis) [660386]\n- [scsi] qla2xxx: fix tagging modifier while executing IOs (Chad Dupuis) [660386]\n- [scsi] qla2xxx: fix FCP_RSP response-info check after TMF (Chad Dupuis) [660386]\n- [scsi] qla2xxx: no reset/fw-dump on CT/ELS pt req timeout (Chad Dupuis) [660386]\n- [scsi] qla2xxx: return all loopback mbox out regs to API (Chad Dupuis) [660386]\n- [scsi] qla2xxx: fix IO failure during chip reset (Chad Dupuis) [660386]\n- [scsi] qla2xxx: show mbox reg 4 in 8012 AEN on ISP82XX (Chad Dupuis) [660386]\n- [scsi] qla2xxx: show more mailbox regs during AEN handle (Chad Dupuis) [660386]\n- [scsi] qla2xxx: no BIG_HAMMER if 0x20 cmd fails on CNAs (Chad Dupuis) [660386]\n- [scsi] qla2xxx: Remove redundant modparam permission bits (Chad Dupuis) [660386]\n- [scsi] qla2xxx: set right ret val in qla2xxx_eh_abort (Chad Dupuis) [660386]\n- [scsi] qla2xxx: set FCP prio info to firmware before IOs (Chad Dupuis) [660386]\n- [scsi] qla2xxx: Memory wedge with peg_halt test in loop (Chad Dupuis) [660386]\n- [scsi] qla2xxx: populate FCP_PRIO loc for no flt case (Chad Dupuis) [660386]\n- [scsi] qla2xxx: avoid SCSI host_lock dep in queuecommand (Chad Dupuis) [660386]\n- [scsi] qla2xxx: drop srb ref before wait for completion (Chad Dupuis) [660386]\n- [scsi] qla2xxx: log FCP priority data messages (Chad Dupuis) [660386]\n- [scsi] qla2xxx: add sysfs node for board temperature (Chad Dupuis) [660386]\n- [scsi] qla2xxx: fix check for need quiescence state (Chad Dupuis) [660386]\n- [scsi] qla2xxx: clear local rport refs on timeout from FC (Chad Dupuis) [660386]\n- [scsi] qla2xxx: remove unwanted check for bad spd (Chad Dupuis) [660386]\n- [scsi] qla2xxx: no continuous log when dontreset is set (Chad Dupuis) [660386]\n- [scsi] qla2xxx: quiescence mode support for ISP82xx (Chad Dupuis) [660386]\n- [virtio] console: no device_destroy on port device (Amit Shah) [681179]\n- [virtio] console: dont access vqs if device unplugged (Amit Shah) [681179]\n- [virtio] pci: fix config change oops w/no driver loaded (Amit Shah) [681179]\n- [xen] hap: preserve domain context (Radim Krcmar) [678571]\n[2.6.18-247.el5]\n- [mm] set barrier and send tlb flush to all affected cpus (Prarit Bhargava) [675793]\n- [misc] vdso: export wall_to_monotonic (Prarit Bhargava) [675727]\n- [mm] add vzalloc and vzalloc_node helpers (Neil Horman) [681303]\n- [fs] add lockd endianness annotations (Jeff Layton) [526829]\n- [misc] add key_revoke() dummy for KEYS=n (Jeff Layton) [640891]\n- [fs] nfs: Fix a use-after-free case in nfs_async_rename() (Jeff Layton) [511901]\n- [fs] nfs: make sillyrename an async operation (Jeff Layton) [511901]\n- [fs] nfs: move nfs_sillyrename to unlink.c (Jeff Layton) [511901]\n- [fs] nfs: standardize the rename response container (Jeff Layton) [511901]\n- [fs] nfs: standardize the rename args container (Jeff Layton) [511901]\n- [scsi] scsi_dh_emc: Set request flags consistently (Dave Wysochanski) [670367]\n- [i2c] i2c-i801: Add PCI idents for Patsburg 'IDF' devices (David Milburn) [651513]\n- [i2c] i2c-i801: Handle multiple instances properly (David Milburn) [651513]\n- [i2c] i2c-i801: Dont use block buffer for block writes (David Milburn) [651513]\n- [i2c] i2c-i801: Fix handling of error conditions (David Milburn) [651513]\n- [i2c] i2c-i801: Rename local variable temp to status (David Milburn) [651513]\n- [i2c] i2c-i801: Properly report bus arbitration loss (David Milburn) [651513]\n- [i2c] i2c-i801: Remove verbose debugging messages (David Milburn) [651513]\n- [i2c] i2c-i801: Implement I2C block read support (David Milburn) [651513]\n- [i2c] i2c-i801: Clear special mode bits as needed (David Milburn) [651513]\n- [i2c] i2c-i801: More explicit names for chip features (David Milburn) [651513]\n- [i2c] i2c-i801: Use the internal 32-byte buffer on ICH4+ (David Milburn) [651513]\n- [i2c] i2c-i801: Various cleanups (David Milburn) [651513]\n- [fs] xfs: disable CONFIG_XFS_DEBUG on kernel-debug (Dave Chinner) [658012]\n- [fs] xfs: remove cmn_err log buffer and lock (Dave Chinner) [658012]\n- [fs] fix select/poll timeout overflow (Bob Picco) [591607]\n- [x86_64] Use u32, not long, to set reset vector back to 0 (Don Zickus) [675258]\n- [net] sctp: fix race allowing access before full init (Neil Horman) [465876]\n- [xen] gdbsx: hypervisor part backport (Radim Krcmar) [678618]\n- [xen] add arch/x86/debug.c, debugger routines (Radim Krcmar) [678618]\n- [xen] x86/vmx: making TRAP_debug and TRAP_int3 useful (Radim Krcmar) [678618]\n[2.6.18-246.el5]\n- [net] bridge: restore ebt ksym versions (Herbert Xu) [626659]\n- [net] bridge: Fix mglist corruption (Herbert Xu) [506630]\n- [net] Fix IGMP3 report parsing (Herbert Xu) [506630]\n- [net] bridge: Fix IGMPv3 report parsing (Herbert Xu) [506630]\n- [net] bridge: Fix skb leak in multicast TX parse fail (Herbert Xu) [506630]\n- [net] bridge: Fix OOM crash in deliver_clone (Herbert Xu) [506630]\n- [net] bridge: Make first arg to deliver_clone const (Herbert Xu) [506630]\n- [net] bridge: Fix build error w/IGMP_SNOOPING not enabled (Herbert Xu) [506630]\n- [net] bridge: Add multicast count/interval sysfs entries (Herbert Xu) [506630]\n- [net] bridge: Add hash elasticity/max sysfs entries (Herbert Xu) [506630]\n- [net] bridge: Add multicast_snooping sysfs toggle (Herbert Xu) [506630]\n- [net] bridge: Add multicast_router sysfs entries (Herbert Xu) [506630]\n- [net] bridge: Add multicast data-path hooks (Herbert Xu) [506630]\n- [net] bridge: Add multicast start/stop hooks (Herbert Xu) [506630]\n- [net] bridge: Add multicast forwarding functions (Herbert Xu) [506630]\n- [net] bridge: Move NULL mdb check into br_mdb_ip_get (Herbert Xu) [506630]\n- [net] bridge: ensure br_multicast_query error path unlock (Herbert Xu) [506630]\n- [net] bridge: Fix RCU race in br_multicast_stop (Herbert Xu) [506630]\n- [net] bridge: Use RCU list primitive in __br_mdb_ip_get (Herbert Xu) [506630]\n- [net] bridge: cleanup: remove unneed check (Herbert Xu) [506630]\n- [net] bridge: depends on INET (Herbert Xu) [506630]\n- [net] bridge: Make IGMP snooping depend upon BRIDGE. (Herbert Xu) [506630]\n- [net] bridge: Add core IGMP snooping support (Herbert Xu) [506630]\n- [net] bridge: Fix br_forward crash in promiscuous mode (Herbert Xu) [506630]\n- [net] bridge: Split may_deliver/deliver_clone out (Herbert Xu) [506630]\n- [net] bridge: Use BR_INPUT_SKB_CB on xmit path (Herbert Xu) [506630]\n- [net] bridge: Avoid unnecessary clone on forward path (Herbert Xu) [506630]\n- [net] bridge: Allow tail-call on br_pass_frame_up (Herbert Xu) [506630]\n- [net] bridge: Do br_pass_frame_up after other ports (Herbert Xu) [506630]\n- [net] bridge: Kill clone argument to br_flood_* (Herbert Xu) [506630]\n- [net] Add netdev_alloc_skb_ip_align() helper (Herbert Xu) [506630]\n- [fs] partitions: Validate map_count in Mac part tables (Danny Feng) [679284] {CVE-2011-1010}\n- [fs] nfs: Only increment seqid for cmds seen by server (Sachin Prabhu) [651409]\n- [scsi] ipr: fix a race on multiple configuration changes (Steve Best) [651429]\n- [misc] vmware: increase apic_calibration_diff to 10000 (Prarit Bhargava) [665197]\n- [net] tun: introduce tun_file (Michael S. Tsirkin) [672619]\n- [virt] xen blktap: bump MAX_TAP_DEV from 100 to 256 (Laszlo Ersek) [452650]\n- [fs] nfs: Too many GETATTR/ACCESS calls after direct I/O (Jeff Layton) [626974]\n- [net] bonding: fix add/remove of slaves when master down (Flavio Leitner) [671238]\n- [net] sctp: make sctp_ctl_sock_init try IPv4 if v6 fails (Jiri Pirko) [674175]\n- [net] Fix netdev_run_todo dead-lock (Jiri Pirko) [679487]\n- [net] niu: Fix races between up/down and get_stats (Jiri Pirko) [679407]\n- [misc] introduce ACCESS_ONCE (Jiri Pirko) [679407]\n- [x86] fix AMD family 0x15 guest boot issue on 64-bit host (Frank Arnold) [667234]\n- [sound] alsa: cache mixer values on usb-audio devices (Don Zickus) [678074]\n- [xen] prevent cross-vendor migration of HVM domains (Paolo Bonzini) [621916]\n- [xen] new domctl to get 1 record from HVM save context (Michal Novotny) [674514]\n[2.6.18-245.el5]\n- [block] cciss: version bump (Tomas Henzl) [635143]\n- [block] cciss: add option to enforce simple mode (Tomas Henzl) [635143]\n- [block] cciss: patch to make kdump work in rhel5 (Tomas Henzl) [635143]\n- [block] cciss: cleanup warnings (Tomas Henzl) [635143]\n- [block] cciss: patch to support kdump on new controllers (Tomas Henzl) [635143]\n- [block] cciss: factor out code to find max commands (Tomas Henzl) [635143]\n- [block] cciss: split out cciss_defs (Tomas Henzl) [635143]\n- [block] cciss: scsi tape updates (Tomas Henzl) [635143]\n- [block] cciss: remove fail_all_cmds (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_passthru (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getdrivver (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getfirmver (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getbustypes (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getheartbeat (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_setnodename (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getnodename (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_setintinfo (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getintinfo (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_getpciinfo (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_reset_devices (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_find_cfg_addrs (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_wait_for_mode_change_ack (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_p600_dma_prefetch_quirk (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_enable_scsi_prefetch (Tomas Henzl) [635143]\n- [block] cciss: factor out CISS_signature_present (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_find_board_params (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_find_cfgtables (Tomas Henzl) [635143]\n- [block] cciss: factor out wait_for_board_ready (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_find_memory_BAR (Tomas Henzl) [635143]\n- [block] cciss: remove board_id from cciss_interrupt_mode (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_board_disabled (Tomas Henzl) [635143]\n- [block] cciss: factor out cciss_lookup_board_id (Tomas Henzl) [635143]\n- [block] cciss: save off pdev struct early (Tomas Henzl) [635143]\n- [block] cciss: add performant mode support (Tomas Henzl) [635143]\n- [block] cciss: new controller support (Tomas Henzl) [635143]\n- [block] cciss: remove generic sa support (Tomas Henzl) [635143]\n- [block] cciss: copyright update (Tomas Henzl) [635143]\n- [x86_64] vdso: fix gtod via export of sysctl_vsyscall (Prarit Bhargava) [673616]\n- [pci] msi: remove infiniband compat code (Prarit Bhargava) [636260]\n- [pci] msi: remove pci_save_msi|x_state() functions (Prarit Bhargava) [636260]\n- [pci] msi: use msi_desc save areas in msi state functions (Prarit Bhargava) [636260]\n- [pci] msi: use msi_desc save areas in drivers/pci code (Prarit Bhargava) [636260]\n- [misc] kdump: fixup mcp55 quick to skip non HT devices (Neil Horman) [477032]\n- [security] selinux: properly handle empty tty_files list (Lachlan McIlroy) [674226]\n- [fs] xfs: fix double free of log tickets (Lachlan McIlroy) [657166]\n- [fs] ext4: protect inode bitmap clearing w/ spinlock (Lukas Czerner) [663563]\n- [fs] procfs: fix numbering in /proc/locks (Jerome Marchand) [622647]\n- [fs] seq_file: Introduce the seq_open_private() (Jerome Marchand) [622647]\n- [fs] Rework /proc/locks w/seq_files and seq_list helpers (Jerome Marchand) [622647]\n- [fs] common helpers for seq_files working with list_heads (Jerome Marchand) [622647]\n- [fs] nfs: Remove incorrect do_vfs_lock message (Jeff Layton) [632399]\n- [fs] nfs: allow redirtying of a completed unstable write (Jeff Layton) [648657]\n- [fs] nfsd4: fix seqid on lock req incompat w/open mode (Jeff Layton) [517629]\n- [net] sunrpc: a better way to set tcp_slot_table_entries (Harshula Jayasuriya) [654293]\n- [x86] Convert BUG() to use unreachable() (Dean Nelson) [677396]\n- [s390] Convert BUG() to use unreachable() (Dean Nelson) [677396]\n- [powerpc] Convert BUG() to use unreachable() (Dean Nelson) [677396]\n- [misc] add support for __builtin_unreachable (Dean Nelson) [677396]\n- [fs] xfs: more swap extent fixes for dynamic fork offsets (Dave Chinner) [661300]\n- [fs] xfs: handle dynamic fork offsets in xfs_swap_extents (Dave Chinner) [661300]\n- [lib] fix vscnprintf() if @size is == 0 (Anton Arapov) [667327]\n- [net] netpoll: fix use after free (Amerigo Wang) [556811]\n- [net] netpoll: fix a softirq warning (Amerigo Wang) [556811]\n- [net] netconsole: Introduce netconsole netdev notifier (Amerigo Wang) [556811]\n- [net] bridge: support netpoll over bridge (Amerigo Wang) [556811]\n- [net] netconsole: Use netif_running() in write_msg() (Amerigo Wang) [556811]\n- [net] netconsole: Simplify boot/module option setup logic (Amerigo Wang) [556811]\n- [net] netconsole: Remove bogus check (Amerigo Wang) [556811]\n- [net] netconsole: Cleanups, codingstyle, prettyfication (Amerigo Wang) [556811]\n- [net] netpoll: setup error handling (Amerigo Wang) [556811]\n- [char] virtio_console: fix memory leak (Amit Shah) [656836]\n- [media] dvb: fix av7110 negative array offset (Mauro Carvalho Chehab) [672402] {CVE-2011-0521}\n[2.6.18-244.el5]\n- [message] mptfusion: add required mptctl_release call (Tomas Henzl) [660871]\n- [fs] gfs2: no exclusive glocks on mmapped read-only fs (Steven Whitehouse) [672724]\n- [scsi] ibmvfc: Driver version 1.0.9 (Steve Best) [651885]\n- [scsi] ibmvfc: Handle Virtual I/O Server reboot (Steve Best) [651885]\n- [scsi] ibmvfc: Log link up/down events (Steve Best) [651885]\n- [scsi] ibmvfc: Fix rport add/delete race oops (Steve Best) [651885]\n- [scsi] ibmvfc: Remove stale param to ibmvfc_init_host (Steve Best) [651885]\n- [scsi] ibmvfc: Fix locking in ibmvfc_remove (Steve Best) [651885]\n- [scsi] ibmvfc: Fixup TMF response handling (Steve Best) [651885]\n- [fs] nfs: pure nfs client performance using odirect (Jeff Layton) [643441]\n- [mm] fix install_special_mapping skips security_file_mmap (Frantisek Hrbata) [662197] {CVE-2010-4346}\n- [virt] xen: setup memory zones the same way as native (Andrew Jones) [525898]\n- [s390] qeth: wait for recovery finish in open function (Hendrik Brueckner) [668844]\n- [s390] cio: fix unuseable device after offline operation (Hendrik Brueckner) [668842]\n- [s390] qdio: use proper QEBSM operand for SIGA-{R,S} (Hendrik Brueckner) [668464]\n- [s390] qdio: zfcp stall with > 63 active qdio devices (Hendrik Brueckner) [662134]\n- [s390] qeth: enable VIPA add/remove for offline devices (Hendrik Brueckner) [661106]\n- [s390] hvc_iucv: no iucv_unregister if register failed (Hendrik Brueckner) [661021]\n- [s390] qeth: l3 add vlan hdr in passthru frames (Hendrik Brueckner) [659822]\n- [s390] cio: suppress chpid event in case of config error (Hendrik Brueckner) [668838]\n- [xen] x86: fix guest memmove in __pirq_guest_unbind (Yufang Zhang) [659642]\n[2.6.18-243.el5]\n- [scsi] device_handler: fix alua_rtpg port group id check (Mike Snitzer) [669961]\n- [net] cnic: fix big endian bug with device page tables (Steve Best) [669527]\n- [fs] only return EIO once on msync/fsync after IO failure (Rik van Riel) [652369]\n- [net] bonding: convert netpoll tx blocking to a counter (Neil Horman) [659594]\n- [net] conntrack: fix oops specify hashsize module option (Neil Horman) [667810]\n- [misc] mce: reduce thermal throttle message severity (Matthew Garrett) [666972]\n- [acpi] reduce the number of resched IPIs (Matthew Garrett) [653398]\n- [virt] xen: make netfront driver return info to ethtool (Laszlo Ersek) [643292]\n- [virt] xen: synch arch/i386/pci/irq-xen.c (Laszlo Ersek) [623979]\n- [virt] netback: take lock when removing entry from list (Laszlo Ersek) [648854]\n- [virt] xen: make netloop permanent (Laszlo Ersek) [567540]\n- [net] virtio: add get_drvinfo support to virtio_net (Laszlo Ersek) [645646]\n- [virt] xen: implement get_drvinfo for netloop driver (Laszlo Ersek) [643872]\n- [virt] xen: implement get_drvinfo for netback driver (Laszlo Ersek) [643872]\n- [net] virtio_net: update trans_start properly (Jiri Olsa) [653828]\n- [net] gro: reset dev pointer on reuse (Andy Gospodarek) [600350]\n- [net] atl1e: add new Atheros GbE NIC driver (Bob Picco) [465379]\n- [fs] gfs2: support for growing a full filesytem (Benjamin Marzinski) [661904]\n- [fs] gfs2: reserve more blocks for transactions (Benjamin Marzinski) [637970]\n- [fs] gfs2: add fallocate support (Benjamin Marzinski) [626585]\n- [fs] nfs: break nfsd v4 lease on unlink, link, and rename (J. Bruce Fields) [610093]\n- [fs] nfs: break lease on nfsd v4 setattr (J. Bruce Fields) [610093]\n- [net] ipv6: add missing support for local_reserved_ports (Amerigo Wang) [669603]\n- [misc] add ignore_loglevel kernel parameter (Amerigo Wang) [662102]\n- [misc] add bootmem_debug kernel parameter (Amerigo Wang) [662102]\n- [xen] unmask ISVM bit on SVM guests (Paolo Bonzini) [665972]\n- [xen] add MSR_IA32_THERM_CONTROL for dom0 CPU throttling (Laszlo Ersek) [614007]\n[2.6.18-242.el5]\n- [net] be2net: fix missing trans_start update (Ivan Vecera) [671595]\n- [message] mptfusion: release resources in error path (Tomas Henzl) [648413]\n- [fs] gfs2: fix recovery stuck on transaction lock (Robert S Peterson) [553803]\n- [net] fix unix socket local dos (Neil Horman) [656760] {CVE-2010-4249}\n- [net] core: clear allocs for privileged ethtool actions (Jiri Pirko) [672433] {CVE-2010-4655}\n- [net] limit socket backlog add operation to prevent DoS (Jiri Pirko) [657309] {CVE-2010-4251}\n- [block] fix accounting bug on cross partition merges (Jerome Marchand) [646816]\n- [fs] nfs: fix units bug causing hang on nfsv4 recovery (J. Bruce Fields) [659243]\n- [fs] nfs: set source addr when v4 callback is generated (J. Bruce Fields) [659255]\n- [char] virtio: Wake console outvq on host notifications (Amit Shah) [673459]\n- [net] ipv4: fix IGMP behavior on v2/v3 query responses (Jiri Pirko) [634276]\n- [net] ipv6: honor SO_BINDTODEVICE parameter when routing (Jiri Olsa) [568881]\n[2.6.18-241.el5]\n- [net] tcp: fix shrinking windows with window scaling (Jiri Pirko) [627496]\n- [virt] xen: no enable extended PCI cfg space via IOports (Don Dutile) [661478]\n- [fs] gfs2: remove iopen glocks from cache on delete fail (Benjamin Marzinski) [666080]\n- [char] virtio: make console port names a KOBJ_ADD event (Amit Shah) [669909]\n- [net] e1000: Avoid unhandled IRQ (Dean Nelson) [651512]\n- [net] e1000: fix screaming IRQ (Dean Nelson) [651512]\n[2.6.18-240.el5]\n- [acpi] bus: check if list is empty before kfree()ing it (Matthew Garrett) [670373]\n- [net] ipv6: fragment local tunnel IPSec6 pkts if needed (Herbert Xu) [661110]\n- [block] cciss: fix null pointer problem in tur usage (Tomas Henzl) [664592]\n[2.6.18-239.el5]\n- [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl) [665427]\n- [fs] gfs2: fix statfs error after gfs2_grow (Robert S Peterson) [660661]\n- [mm] prevent file lock corruption using popen(3) (Larry Woodman) [664931]\n- [net] sctp: fix panic from bad socket lock on icmp error (Neil Horman) [665477] {CVE-2010-4526}", "edition": 72, "modified": "2011-07-31T00:00:00", "published": "2011-07-31T00:00:00", "id": "ELSA-2011-1065", "href": "http://linux.oracle.com/errata/ELSA-2011-1065.html", "title": "Oracle Linux 5.7 kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2020-09-21T14:01:22", "description": "Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.", "edition": 3, "cvss3": {}, "published": "2011-02-18T20:00:00", "title": "CVE-2011-0712", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0712"], "modified": "2020-08-11T19:59:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:canonical:ubuntu_linux:8.04"], "id": "CVE-2011-0712", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0712", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T13:55:48", "description": "Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.", "edition": 3, "cvss3": {}, "published": "2011-02-18T20:00:00", "title": "CVE-2010-4649", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649"], "modified": "2020-08-11T13:56:00", "cpe": ["cpe:/o:redhat:enterprise_linux_eus:5.6", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_server_aus:5.6", "cpe:/o:redhat:enterprise_linux_server:5.0"], "id": "CVE-2010-4649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4649", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T13:56:16", "description": "Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files.", "edition": 2, "cvss3": {}, "published": "2012-06-21T23:55:00", "title": "CVE-2010-4250", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250"], "modified": "2012-06-26T04:00:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.36.3", "cpe:/o:linux:linux_kernel:2.6.36.2", "cpe:/o:linux:linux_kernel:2.6.36.4", "cpe:/o:linux:linux_kernel:2.6.36.1"], "id": "CVE-2010-4250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4250", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.36.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:01:22", "description": "The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.", "edition": 3, "cvss3": {}, "published": "2011-03-01T23:00:00", "title": "CVE-2011-0711", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0711"], "modified": "2020-08-07T14:48:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:redhat:enterprise_linux_server_aus:5.6", "cpe:/o:redhat:enterprise_linux_server_eus:5.6", "cpe:/o:redhat:enterprise_linux_server:5.0"], "id": "CVE-2011-0711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0711", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:01:23", "description": "The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.", "edition": 3, "cvss3": {}, "published": "2012-06-21T23:55:00", "title": "CVE-2011-1079", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1079"], "modified": "2015-05-06T01:59:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.38.8", "cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:linux:linux_kernel:2.6.38.3", "cpe:/o:linux:linux_kernel:2.6.38.1", "cpe:/o:linux:linux_kernel:2.6.38.5", "cpe:/o:linux:linux_kernel:2.6.38.2", "cpe:/o:linux:linux_kernel:2.6.38.6", "cpe:/o:linux:linux_kernel:2.6.38.4", "cpe:/o:linux:linux_kernel:2.6.38.7"], "id": "CVE-2011-1079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1079", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:01:23", "description": "Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.", "edition": 4, "cvss3": {}, "published": "2011-05-09T19:55:00", "title": "CVE-2011-1013", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1013"], "modified": "2020-08-05T14:49:00", "cpe": ["cpe:/o:openbsd:openbsd:4.8"], "id": "CVE-2011-1013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1013", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:01:24", "description": "net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2012-02-02T04:09:00", "title": "CVE-2011-1573", "type": "cve", "cwe": ["CWE-682"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573"], "modified": "2020-08-04T17:50:00", "cpe": [], "id": "CVE-2011-1573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1573", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-09-21T14:01:22", "description": "The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.", "edition": 2, "cvss3": {}, "published": "2011-07-18T22:55:00", "title": "CVE-2011-0726", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726"], "modified": "2015-10-06T02:49:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.20.9", "cpe:/o:linux:linux_kernel:2.6.18.1", "cpe:/o:linux:linux_kernel:2.6.27.51", "cpe:/o:linux:linux_kernel:2.6.22.3", "cpe:/o:linux:linux_kernel:2.6.30.4", "cpe:/o:linux:linux_kernel:2.6.16.49", "cpe:/o:linux:linux_kernel:2.6.19.1", "cpe:/o:linux:linux_kernel:2.6.28.6", "cpe:/o:linux:linux_kernel:2.6.31.2", "cpe:/o:linux:linux_kernel:2.6.22.19", "cpe:/o:linux:linux_kernel:2.6.32.17", "cpe:/o:linux:linux_kernel:2.6.37.2", "cpe:/o:linux:linux_kernel:2.6.16.4", "cpe:/o:linux:linux_kernel:2.6.32.24", "cpe:/o:linux:linux_kernel:2.6.16.15", "cpe:/o:linux:linux_kernel:2.6.38.8", "cpe:/o:linux:linux_kernel:2.6.15.2", "cpe:/o:linux:linux_kernel:2.6.27.30", "cpe:/o:linux:linux_kernel:2.6.22.15", "cpe:/o:linux:linux_kernel:2.6.23.17", "cpe:/o:linux:linux_kernel:2.6.23.12", "cpe:/o:linux:linux_kernel:2.6.16.3", "cpe:/o:linux:linux_kernel:2.6.23.1", "cpe:/o:linux:linux_kernel:2.6.34.4", "cpe:/o:linux:linux_kernel:2.6.21", "cpe:/o:linux:linux_kernel:2.6.35.5", "cpe:/o:linux:linux_kernel:2.6.14.4", "cpe:/o:linux:linux_kernel:2.6.16.20", "cpe:/o:linux:linux_kernel:2.6.23.8", "cpe:/o:linux:linux_kernel:2.6.29.2", "cpe:/o:linux:linux_kernel:2.6.32.7", "cpe:/o:linux:linux_kernel:2.6.26.2", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.27.39", "cpe:/o:linux:linux_kernel:2.6.27.54", "cpe:/o:linux:linux_kernel:2.6.22.16", "cpe:/o:linux:linux_kernel:2.6.35.7", "cpe:/o:linux:linux_kernel:2.6.33.5", "cpe:/o:linux:linux_kernel:2.6.30.10", "cpe:/o:linux:linux_kernel:2.6.28.9", "cpe:/o:linux:linux_kernel:2.6.16.9", "cpe:/o:linux:linux_kernel:2.6.29.6", "cpe:/o:linux:linux_kernel:2.6.34.2", "cpe:/o:linux:linux_kernel:2.6.16.10", "cpe:/o:linux:linux_kernel:2.6.11.7", "cpe:/o:linux:linux_kernel:2.6.11.8", "cpe:/o:linux:linux_kernel:2.6.25.3", "cpe:/o:linux:linux_kernel:2.6.32.25", "cpe:/o:linux:linux_kernel:2.6.12.3", "cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:linux:linux_kernel:2.6.14.1", "cpe:/o:linux:linux_kernel:2.6.32.2", "cpe:/o:linux:linux_kernel:2.6.14.7", "cpe:/o:linux:linux_kernel:2.6.16.50", "cpe:/o:linux:linux_kernel:2.6.16.40", "cpe:/o:linux:linux_kernel:2.6.16.22", "cpe:/o:linux:linux_kernel:2.6.16.5", "cpe:/o:linux:linux_kernel:2.6.25.14", "cpe:/o:linux:linux_kernel:2.6.27.6", "cpe:/o:linux:linux_kernel:2.6.24.1", "cpe:/o:linux:linux_kernel:2.6.23.2", "cpe:/o:linux:linux_kernel:2.6.16.55", "cpe:/o:linux:linux_kernel:2.6.24.2", "cpe:/o:linux:linux_kernel:2.6.26.8", "cpe:/o:linux:linux_kernel:2.6.12", "cpe:/o:linux:linux_kernel:2.6.23.11", "cpe:/o:linux:linux_kernel:2.6.8", "cpe:/o:linux:linux_kernel:2.6.21.1", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.23.9", "cpe:/o:linux:linux_kernel:2.6.30.9", "cpe:/o:linux:linux_kernel:2.6.16.44", "cpe:/o:linux:linux_kernel:2.6.26.5", "cpe:/o:linux:linux_kernel:2.6.21.7", "cpe:/o:linux:linux_kernel:2.6.32.26", "cpe:/o:linux:linux_kernel:2.6.27.12", "cpe:/o:linux:linux_kernel:2.6.33.3", "cpe:/o:linux:linux_kernel:2.6.29.5", "cpe:/o:linux:linux_kernel:2.6.23.14", "cpe:/o:linux:linux_kernel:2.6.24.5", "cpe:/o:linux:linux_kernel:2.6.27.8", "cpe:/o:linux:linux_kernel:2.6.27.5", "cpe:/o:linux:linux_kernel:2.6.37", "cpe:/o:linux:linux_kernel:2.6.36.3", "cpe:/o:linux:linux_kernel:2.6.16.18", "cpe:/o:linux:linux_kernel:2.6.32.3", "cpe:/o:linux:linux_kernel:2.6.22.1", "cpe:/o:linux:linux_kernel:2.6.15.7", "cpe:/o:linux:linux_kernel:2.6.17.11", "cpe:/o:linux:linux_kernel:2.6.38.3", "cpe:/o:linux:linux_kernel:2.6.14", "cpe:/o:linux:linux_kernel:2.6.16.29", "cpe:/o:linux:linux_kernel:2.6.16.27", "cpe:/o:linux:linux_kernel:2.6.32.20", "cpe:/o:linux:linux_kernel:2.6.27.16", "cpe:/o:linux:linux_kernel:2.6.30.5", "cpe:/o:linux:linux_kernel:2.6.22.11", "cpe:/o:linux:linux_kernel:2.6.11.2", "cpe:/o:linux:linux_kernel:2.6.17.2", "cpe:/o:linux:linux_kernel:2.6.27.7", "cpe:/o:linux:linux_kernel:2.6.27.2", "cpe:/o:linux:linux_kernel:2.6.27.18", "cpe:/o:linux:linux_kernel:2.6.11.11", "cpe:/o:linux:linux_kernel:2.6.36.2", "cpe:/o:linux:linux_kernel:2.6.27.15", "cpe:/o:linux:linux_kernel:2.6.16.21", "cpe:/o:linux:linux_kernel:2.6.33.2", "cpe:/o:linux:linux_kernel:2.6.27.53", "cpe:/o:linux:linux_kernel:2.6.27.11", "cpe:/o:linux:linux_kernel:2.6.28.10", "cpe:/o:linux:linux_kernel:2.6.27.33", "cpe:/o:linux:linux_kernel:2.6.32.1", "cpe:/o:linux:linux_kernel:2.6.23", "cpe:/o:linux:linux_kernel:2.6.19", "cpe:/o:linux:linux_kernel:2.6.33.4", "cpe:/o:linux:linux_kernel:2.6.27.32", "cpe:/o:linux:linux_kernel:2.6.34.1", "cpe:/o:linux:linux_kernel:2.6.12.5", "cpe:/o:linux:linux_kernel:2.6.21.6", "cpe:/o:linux:linux_kernel:2.6.19.5", "cpe:/o:linux:linux_kernel:2.6.30.7", "cpe:/o:linux:linux_kernel:2.6.16.51", "cpe:/o:linux:linux_kernel:2.6.17.1", "cpe:/o:linux:linux_kernel:2.6.31.3", "cpe:/o:linux:linux_kernel:2.6.16.30", "cpe:/o:linux:linux_kernel:2.6.20.15", "cpe:/o:linux:linux_kernel:2.6.26.7", "cpe:/o:linux:linux_kernel:2.6.16.53", "cpe:/o:linux:linux_kernel:2.6.19.6", "cpe:/o:linux:linux_kernel:2.6.23.13", "cpe:/o:linux:linux_kernel:2.6.27.38", "cpe:/o:linux:linux_kernel:2.6.23.10", "cpe:/o:linux:linux_kernel:2.6.16.57", "cpe:/o:linux:linux_kernel:2.6.34.6", "cpe:/o:linux:linux_kernel:2.6.26.4", "cpe:/o:linux:linux_kernel:2.6.13", "cpe:/o:linux:linux_kernel:2.6.11.9", "cpe:/o:linux:linux_kernel:2.6.35.3", "cpe:/o:linux:linux_kernel:2.6.14.5", "cpe:/o:linux:linux_kernel:2.6.27.23", "cpe:/o:linux:linux_kernel:2.6.20.11", "cpe:/o:linux:linux_kernel:2.6.31.9", "cpe:/o:linux:linux_kernel:2.6.37.3", "cpe:/o:linux:linux_kernel:2.6.35.6", "cpe:/o:linux:linux_kernel:2.6.27.24", "cpe:/o:linux:linux_kernel:2.6.28.8", "cpe:/o:linux:linux_kernel:2.6.37.6", "cpe:/o:linux:linux_kernel:2.6.31", "cpe:/o:linux:linux_kernel:2.6.23.6", "cpe:/o:linux:linux_kernel:2.6.38.1", "cpe:/o:linux:linux_kernel:2.6.15.6", "cpe:/o:linux:linux_kernel:2.6.27.4", "cpe:/o:linux:linux_kernel:2.6.27.29", "cpe:/o:linux:linux_kernel:2.6.19.2", "cpe:/o:linux:linux_kernel:2.6.30.2", "cpe:/o:linux:linux_kernel:2.6.17.10", "cpe:/o:linux:linux_kernel:2.6.16.19", "cpe:/o:linux:linux_kernel:2.6.15.1", "cpe:/o:linux:linux_kernel:2.6.23.7", "cpe:/o:linux:linux_kernel:2.6.22.20", "cpe:/o:linux:linux_kernel:2.6.31.8", "cpe:/o:linux:linux_kernel:2.6.27.46", "cpe:/o:linux:linux_kernel:2.6.20", "cpe:/o:linux:linux_kernel:2.6.16.60", "cpe:/o:linux:linux_kernel:2.6.16.34", "cpe:/o:linux:linux_kernel:2.6.22.7", "cpe:/o:linux:linux_kernel:2.6.25.1", "cpe:/o:linux:linux_kernel:2.6.16.14", "cpe:/o:linux:linux_kernel:2.6.27.26", "cpe:/o:linux:linux_kernel:2.6.38.5", "cpe:/o:linux:linux_kernel:2.6.25.11", "cpe:/o:linux:linux_kernel:2.6.22.4", "cpe:/o:linux:linux_kernel:2.6.32.10", "cpe:/o:linux:linux_kernel:2.6.18", "cpe:/o:linux:linux_kernel:2.6.27.3", "cpe:/o:linux:linux_kernel:2.6.23.16", "cpe:/o:linux:linux_kernel:2.6.34.7", "cpe:/o:linux:linux_kernel:2.6.25.5", "cpe:/o:linux:linux_kernel:2.6.20.8", "cpe:/o:linux:linux_kernel:2.6.16.42", "cpe:/o:linux:linux_kernel:2.6.25.13", "cpe:/o:linux:linux_kernel:2.6.24.7", "cpe:/o:linux:linux_kernel:2.6.26.6", "cpe:/o:linux:linux_kernel:2.6.25.12", "cpe:/o:linux:linux_kernel:2.6.16.56", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.6.14.2", "cpe:/o:linux:linux_kernel:2.6.25.17", "cpe:/o:linux:linux_kernel:2.6.32.21", "cpe:/o:linux:linux_kernel:2.6.34", "cpe:/o:linux:linux_kernel:2.6.16.48", "cpe:/o:linux:linux_kernel:2.6.38.2", "cpe:/o:linux:linux_kernel:2.6.27.47", "cpe:/o:linux:linux_kernel:2.6.11.10", "cpe:/o:linux:linux_kernel:2.6.29.4", "cpe:/o:linux:linux_kernel:2.6.16.12", "cpe:/o:linux:linux_kernel:2.6.27.42", "cpe:/o:linux:linux_kernel:2.6.28.7", "cpe:/o:linux:linux_kernel:2.6.20.21", "cpe:/o:linux:linux_kernel:2.6.35.4", "cpe:/o:linux:linux_kernel:2.6.23.5", "cpe:/o:linux:linux_kernel:2.6.20.14", "cpe:/o:linux:linux_kernel:2.6.32.22", "cpe:/o:linux:linux_kernel:2.6.20.18", "cpe:/o:linux:linux_kernel:2.6.27.57", "cpe:/o:linux:linux_kernel:2.6.17.13", "cpe:/o:linux:linux_kernel:2.6.26.3", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.20.12", "cpe:/o:linux:linux_kernel:2.6.38.6", "cpe:/o:linux:linux_kernel:2.6.12.1", "cpe:/o:linux:linux_kernel:2.6.16.39", "cpe:/o:linux:linux_kernel:2.6.27.22", "cpe:/o:linux:linux_kernel:2.6.30.1", "cpe:/o:linux:linux_kernel:2.6.20.3", "cpe:/o:linux:linux_kernel:2.6.16.8", "cpe:/o:linux:linux_kernel:2.6.27.1", "cpe:/o:linux:linux_kernel:2.6.16.25", "cpe:/o:linux:linux_kernel:2.6.32.12", "cpe:/o:linux:linux_kernel:2.6.22.9", "cpe:/o:linux:linux_kernel:2.6.29.1", "cpe:/o:linux:linux_kernel:2.6.18.5", "cpe:/o:linux:linux_kernel:2.6.27.19", "cpe:/o:linux:linux_kernel:2.6.35.2", "cpe:/o:linux:linux_kernel:2.6.16.17", "cpe:/o:linux:linux_kernel:2.6.26.1", "cpe:/o:linux:linux_kernel:2.6.32.19", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.6.16.26", "cpe:/o:linux:linux_kernel:2.6.16.32", "cpe:/o:linux:linux_kernel:2.6.27.21", "cpe:/o:linux:linux_kernel:2.6.14.3", "cpe:/o:linux:linux_kernel:2.6.24.6", "cpe:/o:linux:linux_kernel:2.6.32.11", "cpe:/o:linux:linux_kernel:2.6.32.27", "cpe:/o:linux:linux_kernel:2.6.16.1", "cpe:/o:linux:linux_kernel:2.6.17.3", "cpe:/o:linux:linux_kernel:2.6.30", "cpe:/o:linux:linux_kernel:2.6.16.33", "cpe:/o:linux:linux_kernel:2.6.22.12", "cpe:/o:linux:linux_kernel:2.6.21.4", "cpe:/o:linux:linux_kernel:2.6.33", "cpe:/o:linux:linux_kernel:2.6.19.3", "cpe:/o:linux:linux_kernel:2.6.18.3", "cpe:/o:linux:linux_kernel:2.6.36", "cpe:/o:linux:linux_kernel:2.6.31.10", "cpe:/o:linux:linux_kernel:2.6.18.6", "cpe:/o:linux:linux_kernel:2.6.20.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.6.27.13", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.6.22", "cpe:/o:linux:linux_kernel:2.6.13.2", "cpe:/o:linux:linux_kernel:2.6.21.5", "cpe:/o:linux:linux_kernel:2.6.22.5", "cpe:/o:linux:linux_kernel:2.6.16.59", "cpe:/o:linux:linux_kernel:2.6.32", "cpe:/o:linux:linux_kernel:2.6.16.36", "cpe:/o:linux:linux_kernel:2.6.16.37", "cpe:/o:linux:linux_kernel:2.6.13.5", "cpe:/o:linux:linux_kernel:2.6.17.9", "cpe:/o:linux:linux_kernel:2.6.28.3", "cpe:/o:linux:linux_kernel:2.6.18.2", "cpe:/o:linux:linux_kernel:2.6.32.4", "cpe:/o:linux:linux_kernel:2.6.20.6", "cpe:/o:linux:linux_kernel:2.6.37.1", "cpe:/o:linux:linux_kernel:2.6.9", "cpe:/o:linux:linux_kernel:2.6.19.7", "cpe:/o:linux:linux_kernel:2.6.20.2", "cpe:/o:linux:linux_kernel:2.6.27.27", "cpe:/o:linux:linux_kernel:2.6.10", "cpe:/o:linux:linux_kernel:2.6.17.8", "cpe:/o:linux:linux_kernel:2.6.11.12", "cpe:/o:linux:linux_kernel:2.6.11", "cpe:/o:linux:linux_kernel:2.6.27.35", "cpe:/o:linux:linux_kernel:2.6.15.5", "cpe:/o:linux:linux_kernel:2.6.32.13", "cpe:/o:linux:linux_kernel:2.6.27.43", "cpe:/o:linux:linux_kernel:2.6.15.3", "cpe:/o:linux:linux_kernel:2.6.27.14", "cpe:/o:linux:linux_kernel:2.6.31.11", "cpe:/o:linux:linux_kernel:2.6.36.4", "cpe:/o:linux:linux_kernel:2.6.17.14", "cpe:/o:linux:linux_kernel:2.6.16.7", "cpe:/o:linux:linux_kernel:2.6.20.19", "cpe:/o:linux:linux_kernel:2.6.23.4", "cpe:/o:linux:linux_kernel:2.6.18.7", "cpe:/o:linux:linux_kernel:2.6.32.14", "cpe:/o:linux:linux_kernel:2.6.22.22", "cpe:/o:linux:linux_kernel:2.6.16.47", "cpe:/o:linux:linux_kernel:2.6.27.25", "cpe:/o:linux:linux_kernel:2.6.15.4", "cpe:/o:linux:linux_kernel:2.6.35.9", "cpe:/o:linux:linux_kernel:2.6.25.20", "cpe:/o:linux:linux_kernel:2.6.31.4", "cpe:/o:linux:linux_kernel:2.6.27.20", "cpe:/o:linux:linux_kernel:2.6.32.5", "cpe:/o:linux:linux_kernel:2.6.20.5", "cpe:/o:linux:linux_kernel:2.6.27.36", "cpe:/o:linux:linux_kernel:2.6.11.6", "cpe:/o:linux:linux_kernel:2.6.31.7", "cpe:/o:linux:linux_kernel:2.6.22.10", "cpe:/o:linux:linux_kernel:2.6.27.40", "cpe:/o:linux:linux_kernel:2.6.32.16", "cpe:/o:linux:linux_kernel:2.6.33.1", "cpe:/o:linux:linux_kernel:2.6.16.38", "cpe:/o:linux:linux_kernel:2.6.27", "cpe:/o:linux:linux_kernel:2.6.25.18", "cpe:/o:linux:linux_kernel:2.6.17.12", "cpe:/o:linux:linux_kernel:2.6.16.16", "cpe:/o:linux:linux_kernel:2.6.28", "cpe:/o:linux:linux_kernel:2.6.16.2", "cpe:/o:linux:linux_kernel:2.6.27.50", "cpe:/o:linux:linux_kernel:2.6.25.19", "cpe:/o:linux:linux_kernel:2.6.20.17", "cpe:/o:linux:linux_kernel:2.6.20.7", "cpe:/o:linux:linux_kernel:2.6.28.5", "cpe:/o:linux:linux_kernel:2.6.27.28", "cpe:/o:linux:linux_kernel:2.6.20.20", "cpe:/o:linux:linux_kernel:2.6.27.44", "cpe:/o:linux:linux_kernel:2.6.17", "cpe:/o:linux:linux_kernel:2.6.16.31", "cpe:/o:linux:linux_kernel:2.6.36.1", "cpe:/o:linux:linux_kernel:2.6.27.17", "cpe:/o:linux:linux_kernel:2.6.20.4", "cpe:/o:linux:linux_kernel:2.6.38.4", "cpe:/o:linux:linux_kernel:2.6.25.16", "cpe:/o:linux:linux_kernel:2.6.16.52", "cpe:/o:linux:linux_kernel:2.6.27.34", "cpe:/o:linux:linux_kernel:2.6.27.56", "cpe:/o:linux:linux_kernel:2.6.31.14", "cpe:/o:linux:linux_kernel:2.6.24.3", "cpe:/o:linux:linux_kernel:2.6.16.61", "cpe:/o:linux:linux_kernel:2.6.37.4", "cpe:/o:linux:linux_kernel:2.6.29", "cpe:/o:linux:linux_kernel:2.6.25.9", "cpe:/o:linux:linux_kernel:2.6.25", "cpe:/o:linux:linux_kernel:2.6.13.4", "cpe:/o:linux:linux_kernel:2.6.23.15", "cpe:/o:linux:linux_kernel:2.6.11.4", "cpe:/o:linux:linux_kernel:2.6.12.4", "cpe:/o:linux:linux_kernel:2.6.35.8", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.6.16", "cpe:/o:linux:linux_kernel:2.6.22.8", "cpe:/o:linux:linux_kernel:2.6.25.7", "cpe:/o:linux:linux_kernel:2.6.33.6", "cpe:/o:linux:linux_kernel:2.6.16.46", "cpe:/o:linux:linux_kernel:2.6.34.5", "cpe:/o:linux:linux_kernel:2.6.16.41", "cpe:/o:linux:linux_kernel:2.6.34.3", "cpe:/o:linux:linux_kernel:2.6.32.18", "cpe:/o:linux:linux_kernel:2.6.29.3", "cpe:/o:linux:linux_kernel:2.6.33.7", "cpe:/o:linux:linux_kernel:2.6.25.4", "cpe:/o:linux:linux_kernel:2.6.24", "cpe:/o:linux:linux_kernel:2.6.27.31", "cpe:/o:linux:linux_kernel:2.6.16.45", "cpe:/o:linux:linux_kernel:2.6.26", "cpe:/o:linux:linux_kernel:2.6.15", "cpe:/o:linux:linux_kernel:2.6.17.7", "cpe:/o:linux:linux_kernel:2.6.11.1", "cpe:/o:linux:linux_kernel:2.6.22.18", "cpe:/o:linux:linux_kernel:2.6.16.28", "cpe:/o:linux:linux_kernel:2.6.18.4", "cpe:/o:linux:linux_kernel:2.6.21.3", "cpe:/o:linux:linux_kernel:2.6.32.23", "cpe:/o:linux:linux_kernel:2.6.25.6", "cpe:/o:linux:linux_kernel:2.6.8.1", "cpe:/o:linux:linux_kernel:2.6.32.8", "cpe:/o:linux:linux_kernel:2.6.11.5", "cpe:/o:linux:linux_kernel:2.6.12.6", "cpe:/o:linux:linux_kernel:2.6.22.21", "cpe:/o:linux:linux_kernel:2.6.31.6", "cpe:/o:linux:linux_kernel:2.6.16.24", "cpe:/o:linux:linux_kernel:2.6.16.58", "cpe:/o:linux:linux_kernel:2.6.19.4", "cpe:/o:linux:linux_kernel:2.6.25.2", "cpe:/o:linux:linux_kernel:2.6.30.3", "cpe:/o:linux:linux_kernel:2.6.28.2", "cpe:/o:linux:linux_kernel:2.6.32.6", "cpe:/o:linux:linux_kernel:2.6.35", "cpe:/o:linux:linux_kernel:2.6.17.6", "cpe:/o:linux:linux_kernel:2.6.27.52", "cpe:/o:linux:linux_kernel:2.6.37.5", "cpe:/o:linux:linux_kernel:2.6.22.14", "cpe:/o:linux:linux_kernel:2.6.27.45", "cpe:/o:linux:linux_kernel:2.6.22.13", "cpe:/o:linux:linux_kernel:2.6.22.17", "cpe:/o:linux:linux_kernel:2.6.20.1", "cpe:/o:linux:linux_kernel:2.6.16.54", "cpe:/o:linux:linux_kernel:2.6.27.48", "cpe:/o:linux:linux_kernel:2.6.27.37", "cpe:/o:linux:linux_kernel:2.6.31.1", "cpe:/o:linux:linux_kernel:2.6.17.4", "cpe:/o:linux:linux_kernel:2.6.13.1", "cpe:/o:linux:linux_kernel:2.6.30.6", "cpe:/o:linux:linux_kernel:2.6.16.6", "cpe:/o:linux:linux_kernel:2.6.24.4", "cpe:/o:linux:linux_kernel:2.6.25.15", "cpe:/o:linux:linux_kernel:2.6.32.9", "cpe:/o:linux:linux_kernel:2.6.27.9", "cpe:/o:linux:linux_kernel:2.6.28.4", "cpe:/o:linux:linux_kernel:2.6.11.3", "cpe:/o:linux:linux_kernel:2.6.14.6", "cpe:/o:linux:linux_kernel:2.6.18.8", "cpe:/o:linux:linux_kernel:2.6.16.35", "cpe:/o:linux:linux_kernel:2.6.12.2", "cpe:/o:linux:linux_kernel:2.6.20.13", "cpe:/o:linux:linux_kernel:2.6.27.10", "cpe:/o:linux:linux_kernel:2.6.16.11", "cpe:/o:linux:linux_kernel:2.6.32.15", "cpe:/o:linux:linux_kernel:2.6.28.1", "cpe:/o:linux:linux_kernel:2.6.35.1", "cpe:/o:linux:linux_kernel:2.6.27.41", "cpe:/o:linux:linux_kernel:2.6.31.5", "cpe:/o:linux:linux_kernel:2.6.27.49", "cpe:/o:linux:linux_kernel:2.6.20.10", "cpe:/o:linux:linux_kernel:2.6.17.5", "cpe:/o:linux:linux_kernel:2.6.30.8", "cpe:/o:linux:linux_kernel:2.6.16.23", "cpe:/o:linux:linux_kernel:2.6.23.3", "cpe:/o:linux:linux_kernel:2.6.25.10", "cpe:/o:linux:linux_kernel:2.6.13.3", "cpe:/o:linux:linux_kernel:2.6.22.2", "cpe:/o:linux:linux_kernel:2.6.21.2", "cpe:/o:linux:linux_kernel:2.6.38.7", "cpe:/o:linux:linux_kernel:2.6.27.55", "cpe:/o:linux:linux_kernel:2.6.16.13", "cpe:/o:linux:linux_kernel:2.6.25.8", "cpe:/o:linux:linux_kernel:2.6.22.6", "cpe:/o:linux:linux_kernel:2.6.16.43", "cpe:/o:linux:linux_kernel:2.6.16.62", "cpe:/o:linux:linux_kernel:2.6.31.12", "cpe:/o:linux:linux_kernel:2.6.31.13"], "id": "CVE-2011-0726", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0726", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.35.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.26:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.29.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:01:23", "description": "The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.", "edition": 4, "cvss3": {}, "published": "2013-03-01T12:37:00", "title": "CVE-2011-1019", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1019"], "modified": "2020-08-03T15:42:00", "cpe": [], "id": "CVE-2011-1019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1019", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-09-21T14:01:23", "description": "The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.", "edition": 3, "cvss3": {}, "published": "2011-02-18T20:00:00", "title": "CVE-2011-1044", "type": "cve", "cwe": ["CWE-909"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1044"], "modified": "2020-08-12T19:39:00", "cpe": ["cpe:/o:redhat:enterprise_linux_eus:5.6", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_server_aus:5.6", "cpe:/o:redhat:enterprise_linux_server:5.0"], "id": "CVE-2011-1044", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1044", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-08-08T14:07:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1573", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2010-4263", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-4913", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "description": "Brad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not \ncorrectly handle certain configurations. If such a device was configured \nwithout VLANs, a remote attacker could crash the system, leading to a \ndenial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. (CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 6, "modified": "2011-06-01T00:00:00", "published": "2011-06-01T00:00:00", "id": "USN-1141-1", "href": "https://ubuntu.com/security/notices/USN-1141-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:40:30", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1495", "CVE-2011-1169", "CVE-2011-4913", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "description": "Dan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. (CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly check the \nadapter index during ioctl calls. If this driver was loaded, a local \nattacker could make a specially crafted ioctl call to gain root privileges. \n(CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1748)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 5, "modified": "2011-06-28T00:00:00", "published": "2011-06-28T00:00:00", "id": "USN-1160-1", "href": "https://ubuntu.com/security/notices/USN-1160-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T00:25:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-3865", "CVE-2010-4529", "CVE-2011-4621", "CVE-2011-1476", "CVE-2010-4668", "CVE-2010-3881", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2010-4527", "CVE-2010-4083", "CVE-2011-1078", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3877", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0006", "CVE-2011-0463", "CVE-2010-3698", "CVE-2011-4611", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-4913", "CVE-2010-4648", "CVE-2011-1013", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4250", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "description": "It was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A local \nattacker could exploit this to read portions of the kernel stack, leading \nto a loss of privacy. (CVE-2010-3881)\n\nDan Rosenberg discovered that multiple terminal ioctls did not correctly \ninitialize structure memory. A local attacker could exploit this to read \nportions of kernel stack memory, leading to a loss of privacy. \n(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nDan Rosenberg discovered that the SCSI subsystem did not correctly validate \niov segments. A local attacker with access to a SCSI device could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2010-4163, CVE-2010-4668)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered a leak in the kernel's inotify_init() system call. \nA local, unprivileged user could exploit this to cause a denial of service. \n(CVE-2010-4250)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nAn error was reported in the kernel's ORiNOCO wireless driver's handling of \nTKIP countermeasures. This reduces the amount of time an attacker needs \nbreach a wireless network using WPA+TKIP for security. (CVE-2010-4648)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nAn error was discovered in the kernel's handling of CUSE (Character device \nin Userspace). A local attacker might exploit this flaw to escalate \nprivilege, if access to /dev/cuse has been modified to allow non-root \nusers. (CVE-2010-4650)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nA flaw was found in the kernel's Integrity Measurement Architecture (IMA). \nChanges made by an attacker might not be discovered by IMA, if SELinux was \ndisabled, and a new IMA rule was loaded. (CVE-2011-0006)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. (CVE-2011-1082)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nTimo Warns discovered that OSF partition parsing routines did not correctly \nclear memory. A local attacker with physical access could plug in a \nspecially crafted block device to read kernel memory, leading to a loss of \nprivacy. (CVE-2011-1163)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly check the \nadapter index during ioctl calls. If this driver was loaded, a local \nattacker could make a specially crafted ioctl call to gain root privileges. \n(CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTimo Warns discovered that the GUID partition parsing routines did not \ncorrectly validate certain structures. A local attacker with physical \naccess could plug in a specially crafted block device to crash the system, \nleading to a denial of service. (CVE-2011-1577)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nIt was discovered that some import kernel threads can be blocked by a user \nlevel process. An unprivileged local user could exploit this flaw to cause \na denial of service. (CVE-2011-4621)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 5, "modified": "2011-08-09T00:00:00", "published": "2011-08-09T00:00:00", "id": "USN-1187-1", "href": "https://ubuntu.com/security/notices/USN-1187-1", "title": "Linux kernel (Maverick backport) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-08T13:59:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1598", "CVE-2011-1573", "CVE-2011-1173", "CVE-2011-1759", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4263", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-1770", "CVE-2011-1019", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-3363", "CVE-2011-4913", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080"], "description": "Brad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not \ncorrectly handle certain configurations. If such a device was configured \nwithout VLANs, a remote attacker could crash the system, leading to a \ndenial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nTimo Warns discovered that OSF partition parsing routines did not correctly \nclear memory. A local attacker with physical access could plug in a \nspecially crafted block device to read kernel memory, leading to a loss of \nprivacy. (CVE-2011-1163)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nDan Rosenberg reported an error in the old ABI compatibility layer of ARM \nkernels. A local attacker could exploit this flaw to cause a denial of \nservice or gain root privileges. (CVE-2011-1759)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle \ncertain packet structures. A remote attacker could exploit this to crash \nthe system, leading to a denial of service. (CVE-2011-1770)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly \nparsed. A physically local attacker that could insert mountable devices \ncould exploit this to crash the system or possibly gain root privileges. \n(CVE-2011-1776)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had \nno prefixpaths. A local attacker with access to a CIFS partition could \nexploit this to crash the system, leading to a denial of service. \n(CVE-2011-3363)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 6, "modified": "2011-07-13T00:00:00", "published": "2011-07-13T00:00:00", "id": "USN-1159-1", "href": "https://ubuntu.com/security/notices/USN-1159-1", "title": "Linux kernel vulnerabilities (Marvell Dove)", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:37:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2492", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-4913", "CVE-2011-4914", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1080"], "description": "It was discovered that the /proc filesystem did not correctly handle \npermission changes when programs executed. A local attacker could hold open \nfiles to examine details about programs running with higher privileges, \npotentially increasing the chances of exploiting additional \nvulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly \nhandle certain fields. If a system was running with Rose enabled, a remote \nattacker could send specially crafted traffic to gain root privileges. \n(CVE-2011-1493)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly \ninitialize structures. A local attacker could exploit this to read portions \nof the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. \nA local user or a remote user on an X.25 network could exploit these flaws \nto execute arbitrary code as root. (CVE-2011-4914)", "edition": 5, "modified": "2011-08-19T00:00:00", "published": "2011-08-19T00:00:00", "id": "USN-1189-1", "href": "https://ubuntu.com/security/notices/USN-1189-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-08T14:08:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1598", "CVE-2011-1573", "CVE-2011-1173", "CVE-2011-1759", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4263", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-1770", "CVE-2011-1019", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-3363", "CVE-2011-4913", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080"], "description": "Brad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not \ncorrectly handle certain configurations. If such a device was configured \nwithout VLANs, a remote attacker could crash the system, leading to a \ndenial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nTimo Warns discovered that OSF partition parsing routines did not correctly \nclear memory. A local attacker with physical access could plug in a \nspecially crafted block device to read kernel memory, leading to a loss of \nprivacy. (CVE-2011-1163)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nDan Rosenberg reported an error in the old ABI compatibility layer of ARM \nkernels. A local attacker could exploit this flaw to cause a denial of \nservice or gain root privileges. (CVE-2011-1759)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle \ncertain packet structures. A remote attacker could exploit this to crash \nthe system, leading to a denial of service. (CVE-2011-1770)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly \nparsed. A physically local attacker that could insert mountable devices \ncould exploit this to crash the system or possibly gain root privileges. \n(CVE-2011-1776)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had \nno prefixpaths. A local attacker with access to a CIFS partition could \nexploit this to crash the system, leading to a denial of service. \n(CVE-2011-3363)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 6, "modified": "2011-06-29T00:00:00", "published": "2011-06-29T00:00:00", "id": "USN-1162-1", "href": "https://ubuntu.com/security/notices/USN-1162-1", "title": "Linux kernel vulnerabilities (Marvell Dove)", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:05", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3865", "CVE-2011-4621", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4649", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0006", "CVE-2010-3698", "CVE-2010-4650", "CVE-2011-1044", "CVE-2010-4248", "CVE-2010-4648", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4250", "CVE-2010-4342"], "description": "It was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered a leak in the kernel's inotify_init() system call. \nA local, unprivileged user could exploit this to cause a denial of service. \n(CVE-2010-4250)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this crash the system \nor gain root privileges. (CVE-2010-4527)\n\nAn error was reported in the kernel's ORiNOCO wireless driver's handling of \nTKIP countermeasures. This reduces the amount of time an attacker needs \nbreach a wireless network using WPA+TKIP for security. (CVE-2010-4648)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nAn error was discovered in the kernel's handling of CUSE (Character device \nin Userspace). A local attacker might exploit this flaw to escalate \nprivilege, if access to /dev/cuse has been modified to allow non-root \nusers. (CVE-2010-4650)\n\nA flaw was found in the kernel's Integrity Measurement Architecture (IMA). \nChanges made by an attacker might not be discovered by IMA, if SELinux was \ndisabled, and a new IMA rule was loaded. (CVE-2011-0006)\n\nIt was discovered that some import kernel threads can be blocked by a user \nlevel process. An unprivileged local user could exploit this flaw to cause \na denial of service. (CVE-2011-4621)", "edition": 5, "modified": "2011-03-02T00:00:00", "published": "2011-03-02T00:00:00", "id": "USN-1081-1", "href": "https://ubuntu.com/security/notices/USN-1081-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-28T13:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4649", "CVE-2011-1173", "CVE-2011-2484", "CVE-2011-0711", "CVE-2011-1044", "CVE-2010-4249", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2010-4238", "CVE-2011-1171", "CVE-2011-2534", "CVE-2011-1090"], "description": "Dan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nVladymyr Denysov discovered that Xen virtual CD-ROM devices were not \nhandled correctly. A local attacker in a guest could make crafted blkback \nrequests that would crash the host, leading to a denial of service. \n(CVE-2010-4238)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly \nhandled. A local attacker could expoit this to exhaust memory and CPU \nresources, leading to a denial of service. (CVE-2011-2484)", "edition": 6, "modified": "2011-08-09T00:00:00", "published": "2011-08-09T00:00:00", "id": "USN-1186-1", "href": "https://ubuntu.com/security/notices/USN-1186-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1141-1\r\nMay 31, 2011\r\n\r\nlinux, linux-ec2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple kernel vulnerabilities have been fixed.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n- linux-ec2: Linux kernel for EC2\r\n\r\nDetails:\r\n\r\nBrad Spengler discovered that the kernel did not correctly account for\r\nuserspace memory allocations during exec&#40;&#41; calls. A local attacker could\r\nexploit this to consume all system memory, leading to a denial of service.\r\n&#40;CVE-2010-4243&#41;\r\n\r\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not\r\ncorrectly handle certain configurations. If such a device was configured\r\nwithout VLANs, a remote attacker could crash the system, leading to a\r\ndenial of service. &#40;CVE-2010-4263&#41;\r\n\r\nNelson Elhage discovered that Econet did not correctly handle AUN packets\r\nover UDP. A local attacker could send specially crafted traffic to crash\r\nthe system, leading to a denial of service. &#40;CVE-2010-4342&#41;\r\n\r\nDan Rosenberg discovered that IRDA did not correctly check the size of\r\nbuffers. On non-x86 systems, a local attacker could exploit this to read\r\nkernel heap memory, leading to a loss of privacy. &#40;CVE-2010-4529&#41;\r\n\r\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses\r\ninto the /proc filesystem. A local attacker could use this to increase\r\nthe chances of a successful memory corruption exploit. &#40;CVE-2010-4565&#41;\r\n\r\nKees Cook discovered that the IOWarrior USB device driver did not\r\ncorrectly check certain size fields. A local attacker with physical\r\naccess could plug in a specially crafted USB device to crash the system\r\nor potentially gain root privileges. &#40;CVE-2010-4656&#41;\r\n\r\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\r\nclear memory when writing certain file holes. A local attacker could\r\nexploit this to read uninitialized data from the disk, leading to a loss\r\nof privacy. &#40;CVE-2011-0463&#41;\r\n\r\nDan Carpenter discovered that the TTPCI DVB driver did not check certain\r\nvalues during an ioctl. If the dvb-ttpci module was loaded, a local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice, or possibly gain root privileges. &#40;CVE-2011-0521&#41;\r\n\r\nJens Kuehnel discovered that the InfiniBand driver contained a race\r\ncondition. On systems using InfiniBand, a local attacker could send\r\nspecially crafted requests to crash the system, leading to a denial of\r\nservice. &#40;CVE-2011-0695&#41;\r\n\r\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\r\ndriver did not correctly validate string lengths. A local attacker with\r\nphysical access could plug in a specially crafted USB device to crash\r\nthe system or potentially gain root privileges. &#40;CVE-2011-0712&#41;\r\n\r\nKees Cook reported that /proc/pid/stat did not correctly filter certain\r\nmemory locations. A local attacker could determine the memory layout of\r\nprocesses in an attempt to increase the chances of a successful memory\r\ncorruption exploit. &#40;CVE-2011-0726&#41;\r\n\r\nTimo Warns discovered that MAC partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system or\r\npotentially gain root privileges. &#40;CVE-2011-1010&#41;\r\n\r\nTimo Warns discovered that LDM partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system, leading\r\nto a denial of service. &#40;CVE-2011-1012&#41;\r\n\r\nMatthiew Herrb discovered that the drm modeset interface did not correctly\r\nhandle a signed comparison. A local attacker could exploit this to crash\r\nthe system or possibly gain root privileges. &#40;CVE-2011-1013&#41;\r\n\r\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\r\nvalidate certain registers. On systems with specific hardware,\r\na local attacker could exploit this to write to arbitrary video\r\nmemory. &#40;CVE-2011-1016&#41;\r\n\r\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\r\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\r\ncapability could load existing kernel modules, possibly increasing the\r\nattack surface available on the system. &#40;CVE-2011-1019&#41;\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould hang the system, leading to a denial of service. &#40;CVE-2011-1082&#41;\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould consume large amounts of CPU, leading to a denial of service.\r\n&#40;CVE-2011-1083&#41;\r\n\r\nJulien Tinnes discovered that the kernel did not correctly validate\r\nthe signal structure from tkill&#40;&#41;. A local attacker could exploit\r\nthis to send signals to arbitrary threads, possibly bypassing expected\r\nrestrictions. &#40;CVE-2011-1182&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-316-ec2 2.6.32-316.31\r\n linux-image-2.6.32-32-386 2.6.32-32.62\r\n linux-image-2.6.32-32-generic 2.6.32-32.62\r\n linux-image-2.6.32-32-generic-pae 2.6.32-32.62\r\n linux-image-2.6.32-32-ia64 2.6.32-32.62\r\n linux-image-2.6.32-32-lpia 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-preempt 2.6.32-32.62\r\n linux-image-2.6.32-32-server 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-versatile 2.6.32-32.62\r\n linux-image-2.6.32-32-virtual 2.6.32-32.62\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529,\r\n CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521,\r\n CVE-2011-0695, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010,\r\n CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019,\r\n CVE-2011-1082, CVE-2011-1083, CVE-2011-1182\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-32.62\r\n https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-316.31\r\n", "edition": 1, "modified": "2011-06-02T00:00:00", "published": "2011-06-02T00:00:00", "id": "SECURITYVULNS:DOC:26447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26447", "title": "[USN-1141-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:04:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2011-1476", "CVE-2011-1478", "CVE-2011-1573", "CVE-2010-4251", "CVE-2010-4656", "CVE-2011-1180", "CVE-2011-0712", "CVE-2011-1163", "CVE-2011-1013", "CVE-2011-0191", "CVE-2010-3880", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1182", "CVE-2011-1090"], "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.36 and fixes various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-04-28T11:17:40", "published": "2011-04-28T11:17:40", "id": "SUSE-SA:2011:019", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00006.html", "title": "remote denial of service, local privilege in kernel", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2011-1476", "CVE-2011-1160", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-1180", "CVE-2011-1581", "CVE-2011-0712", "CVE-2011-1163", "CVE-2011-1013", "CVE-2011-0191", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1182", "CVE-2011-1577"], "description": "The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-04-29T16:52:44", "published": "2011-04-29T16:52:44", "id": "SUSE-SA:2011:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00008.html", "type": "suse", "title": "remote denial of service in kernel", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0833\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was already\nclosed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause a\ndenial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element\nin the bnep_sock_ioctl() function could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen\nhypervisor implementation could allow a privileged guest user to cause the\nhost, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for\nthe upper boundary when getting a new event channel port. A privileged\nguest user could use this flaw to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could\nallow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element\nin the do_replace() function could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of service\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,\nCVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook\nfor reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163\nand CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029647.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029648.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0833.html", "edition": 3, "modified": "2011-05-31T23:49:25", "published": "2011-05-31T23:49:24", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/029647.html", "id": "CESA-2011:0833", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0927\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could\nallow a remote user to cause a denial of service. (CVE-2011-0695,\nImportant)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation\ncould allow a remote attacker to cause a denial of service if the sysctl\n\"net.sctp.addip_enable\" variable was turned on (it is off by default).\n(CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL\ncommands could allow a local, unprivileged user to cause a denial of\nservice or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\nImportant)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially-crafted packets to a target system, possibly causing a\ndenial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems that\nhave an Intel x86 processor with the Intel VT-x extension enabled.\n(CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\ncause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation. A\nlocal, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\nprocess and user IDs, to other processes. Note: This flaw does not allow\nexisting permission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting a\ndisk containing specially-crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space, possibly\nallowing local, unprivileged users to leak kernel stack memory to\nuser-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for\nreporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and\nCVE-2011-0711; Julien Tinnes of the Google Security Team for reporting\nCVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke\nand Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes\ndocument linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-July/029684.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-July/029685.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0927.html", "edition": 3, "modified": "2011-07-18T21:33:41", "published": "2011-07-18T21:33:40", "href": "http://lists.centos.org/pipermail/centos-announce/2011-July/029684.html", "id": "CESA-2011:0927", "title": "kernel security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T00:25:09", "description": "Linux Kernel 2.6.x 'inotify_init()' Memory Leak Local Denial of Service Vulnerability. CVE-2010-4250. Dos exploit for linux platform", "published": "2010-11-24T00:00:00", "type": "exploitdb", "title": "Linux Kernel 2.6.x - 'inotify_init' Memory Leak Local Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4250"], "modified": "2010-11-24T00:00:00", "id": "EDB-ID:35013", "href": "https://www.exploit-db.com/exploits/35013/", "sourceData": "source: http://www.securityfocus.com/bid/45036/info\r\n\r\nThe Linux kernel is prone to a local denial-of-service vulnerability.\r\n\r\nAttackers can exploit this issue to cause an out-of-memory condition, denying service to legitimate users. \r\n\r\n#include <sys/inotify.h>\r\n#include <unistd.h>\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n int fds[2];\r\n\r\n /* Circumvent max inotify instances limit */\r\n while (pipe(fds) != -1)\r\n ;\r\n\r\n while (1)\r\n inotify_init();\r\n\r\n return 0;\r\n}\r\n\r\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/35013/"}], "seebug": [{"lastseen": "2017-11-19T18:06:03", "description": "BUGTRAQ ID: 46073\r\nCVE ID: CVE-2010-4649\r\n\r\nLinux Kernel\u662f\u5f00\u653e\u6e90\u7801\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u7684&quot;ib_uverbs_poll_cq()&quot;\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4f7f\u53d7\u5f71\u54cd\u5185\u6838\u5d29\u6e83\uff0c\u62d2\u7edd\u670d\u52a1\u5408\u6cd5\u7528\u6237\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u7a7a\u95f4\u8ba1\u5165\u8f83\u5927\u7684cmd.ne\uff0cib_uverbs_poll_cq()\u4ee3\u7801\u4f1a\u51fa\u73b0\u6574\u6570\u6ea2\u51fa\u3002\u5bf9kmalloc()\u7684\u8c03\u7528\u5c06\u5206\u914d\u8f83\u5c0f\u7684\u7f13\u51b2\u533a\uff0c\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\u5982\u679c\u6ca1\u6709\u4f7f\u7528\u5b8cresp\uff0c\u4e5f\u4f1a\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002\u867d\u7136\u76ee\u524d\u4ec5\u5b58\u5728\u4f7f\u7528\u6b64\u51fd\u6570\u7684RDMA\u8bbe\u5907\uff0c\u65e0\u6743\u9650\u7528\u6237\u7a7a\u95f4\u4e5f\u5c06\u8c03\u7528\u6b64\u51fd\u6570\u3002\n\nDebian Linux 5.0 x\r\nLinux kernel 2.6.x\r\nUbuntu Linux 10.04\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.debian.org/security/\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "published": "2011-03-03T00:00:00", "type": "seebug", "title": "Linux Kernel &quot;ib_uverbs_poll_cq()&quot;\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4649"], "modified": "2011-03-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20357", "id": "SSV:20357", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:04:00", "description": "Bugtraq ID: 47792\r\nCVE ID\uff1aCVE-2011-1019\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\ndev_load()\u5b58\u5728\u4e00\u4e2a\u7f3a\u9677\u5141\u8bb8\u6709CAP_NET_ADMIN capability\u7684\u672c\u5730\u7528\u6237\u4ece&quot;/lib/modules/&quot;\u88c5\u8f7d\u4efb\u610f\u6a21\u5757\uff0c\u800c\u672c\u6765\u53ea\u9650\u88c5\u8f7d\u4e0e\u7f51\u7edc\u76f8\u5173\u7684\u6a21\u5757\u5982netdev\u3002\n\nLinux kernel 2.6.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=680360", "published": "2011-05-12T00:00:00", "title": "Linux Kernel 'CAP_NET_ADMIN'\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1019"], "modified": "2011-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20537", "id": "SSV:20537", "sourceData": "", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:04:28", "description": "Bugtraq ID: 47639\r\nCVE ID\uff1aCVE-2011-1013\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\ndrm_modeset_ctl()\u6ca1\u6709\u6b63\u786e\u6821\u9a8c\u8f93\u5165\u53c2\u6570\u3002\u8fd9\u4e2a\u95ee\u9898\u662f\u56e0\u4e3acrtc\u53d8\u91cf\u4e3a\u7b26\u53f7\u7c7b\u578b\uff0c\u5411modeset\u53c2\u6570\u7ed3\u6784\u4f20\u9012\u8db3\u591f\u5927\u7684\u503c\u4f1a\u4ee5\u8d1f\u6570\u5904\u7406\uff0c\u5e76\u4e14\u53ef\u7ed5\u8fc7\u4e4b\u540e\u6b63\u786e\u7684\u8303\u56f4\u68c0\u67e5\u3002\u6b64\u53d8\u91cf\u4e4b\u540e\u7528\u4e8e\u7d22\u5f15\u53d8\u91cf\uff0c\u53ef\u5bfc\u81f4\u8d8a\u754c\u5199\u5165\u96f6\u6574\u6570\u3002\n\nSuSE SUSE Linux Enterprise High Availability Extension 11 SP1\r\n SuSE SUSE Linux Enterprise Desktop 11 SP1\r\n SuSE openSUSE 11.4\r\n OpenBSD OpenBSD -current\r\n Linux kernel 2.6.37\r\n Linux kernel 2.6.37\r\n Linux kernel 2.6.36\r\n Linux kernel 2.6.35\r\n Linux kernel 2.6.35\r\n Linux kernel 2.6.35\r\n Linux kernel 2.6.34\r\n Linux kernel 2.6.34\r\n Linux kernel 2.6.33 .1\r\n Linux kernel 2.6.33\r\n Linux kernel 2.6.32 .9\r\n Linux kernel 2.6.32\r\n Linux kernel 2.6.31 5\r\n Linux kernel 2.6.31 13\r\n Linux kernel 2.6.31 .2\r\n Linux kernel 2.6.31 .11\r\n Linux kernel 2.6.31 -rc7\r\n Linux kernel 2.6.31 -rc6\r\n Linux kernel 2.6.31 -rc3\r\n + Trustix Secure Enterprise Linux 2.0\r\n + Trustix Secure Linux 2.2\r\n + Trustix Secure Linux 2.1\r\n + Trustix Secure Linux 2.0\r\n Linux kernel 2.6.31 -rc1\r\n Linux kernel 2.6.31\r\n Linux kernel 2.6.30 .10\r\n Linux kernel 2.6.30 .1\r\n Linux kernel 2.6.30 -rc6\r\n Linux kernel 2.6.30 -rc5\r\n Linux kernel 2.6.30 -rc3\r\n Linux kernel 2.6.30 -rc2\r\n Linux kernel 2.6.30 -rc1\r\n Linux kernel 2.6.30\r\n Linux kernel 2.6.29 .4\r\n Linux kernel 2.6.29 .1\r\n Linux kernel 2.6.29 -git8\r\n Linux kernel 2.6.29 -git14\r\n Linux kernel 2.6.29 -git1\r\n Linux kernel 2.6.29\r\n Linux kernel 2.6.28 .9\r\n Linux kernel 2.6.28 .8\r\n Linux kernel 2.6.28 .6\r\n Linux kernel 2.6.28 .5\r\n Linux kernel 2.6.28 .3\r\n Linux kernel 2.6.28 .2\r\n Linux kernel 2.6.28 .1\r\n Linux kernel 2.6.28 -rc7\r\n Linux kernel 2.6.28 -rc5\r\n Linux kernel 2.6.28 -rc1\r\n Linux kernel 2.6.28 -git7\r\n Linux kernel 2.6.28\r\n Linux kernel 2.6.27 6\r\n Linux kernel 2.6.27 3\r\n Linux kernel 2.6.27 12\r\n Linux kernel 2.6.27 .8\r\n Linux kernel 2.6.27 .5\r\n Linux kernel 2.6.27 .5\r\n Linux kernel 2.6.27 .46\r\n Linux kernel 2.6.27 .24\r\n Linux kernel 2.6.27 .14\r\n Linux kernel 2.6.27 .13\r\n Linux kernel 2.6.27 .12\r\n Linux kernel 2.6.27 -rc8-git5\r\n Linux kernel 2.6.27 -rc8\r\n Linux kernel 2.6.27 -rc6-git6\r\n Linux kernel 2.6.27 -rc6\r\n Linux kernel 2.6.27 -rc5\r\n Linux kernel 2.6.27 -rc4\r\n Linux kernel 2.6.27 -rc2\r\n Linux kernel 2.6.27 -rc1\r\n Linux kernel 2.6.27\r\n Linux kernel 2.6.26 7\r\n Linux kernel 2.6.26 .6\r\n Linux kernel 2.6.26 .4\r\n Linux kernel 2.6.26 .3\r\n Linux kernel 2.6.26 -rc6\r\n Linux kernel 2.6.26\r\n Linux kernel 2.6.25 19\r\n Linux kernel 2.6.25 .9\r\n Linux kernel 2.6.25 .8\r\n Linux kernel 2.6.25 .7\r\n Linux kernel 2.6.25 .6\r\n Linux kernel 2.6.25 .5\r\n Linux kernel 2.6.25 .15\r\n Linux kernel 2.6.25 .13\r\n Linux kernel 2.6.25 .12\r\n Linux kernel 2.6.25 .11\r\n Linux kernel 2.6.25 .10\r\n Linux kernel 2.6.25\r\n Linux kernel 2.6.24 .2\r\n Linux kernel 2.6.24 .1\r\n Linux kernel 2.6.24 -rc5\r\n Linux kernel 2.6.24 -rc4\r\n Linux kernel 2.6.24 -rc3\r\n Linux kernel 2.6.24 -git13\r\n Linux kernel 2.6.24\r\n Linux kernel 2.6.23 .7\r\n Linux kernel 2.6.23 .7\r\n Linux kernel 2.6.23 .6\r\n Linux kernel 2.6.23 .6\r\n Linux kernel 2.6.23 .5\r\n Linux kernel 2.6.23 .5\r\n Linux kernel 2.6.23 .4\r\n Linux kernel 2.6.23 .4\r\n Linux kernel 2.6.23 .3\r\n Linux kernel 2.6.23 .3\r\n Linux kernel 2.6.23 .2\r\n Linux kernel 2.6.23 .2\r\n Linux kernel 2.6.23 -rc2\r\n Linux kernel 2.6.23 -rc1\r\n Linux kernel 2.6.23\r\n Linux kernel 2.6.23\r\n Linux kernel 2.6.22 rc6\r\n Linux kernel 2.6.22 .8\r\n Linux kernel 2.6.22 .7\r\n Linux kernel 2.6.22 .7\r\n Linux kernel 2.6.22 .6\r\n Linux kernel 2.6.22 .6\r\n Linux kernel 2.6.22 .5\r\n Linux kernel 2.6.22 .5\r\n Linux kernel 2.6.22 .4\r\n Linux kernel 2.6.22 .4\r\n Linux kernel 2.6.22 .3\r\n Linux kernel 2.6.22 .3\r\n Linux kernel 2.6.22 .2\r\n Linux kernel 2.6.22 .17\r\n Linux kernel 2.6.22 .16\r\n Linux kernel 2.6.22 .15\r\n Linux kernel 2.6.22 .14\r\n Linux kernel 2.6.22 .13\r\n Linux kernel 2.6.22 .12\r\n Linux kernel 2.6.22 .11\r\n Linux kernel 2.6.22 .1\r\n Linux kernel 2.6.22\r\n Linux kernel 2.6.22\r\n Linux kernel 2.6.21 rc7\r\n Linux kernel 2.6.21 git5\r\n Linux kernel 2.6.21 git4\r\n Linux kernel 2.6.21 git3\r\n Linux kernel 2.6.21 git2\r\n Linux kernel 2.6.21 git1\r\n Linux kernel 2.6.21 git 7\r\n Linux kernel 2.6.21 git 6\r\n Linux kernel 2.6.21 4\r\n Linux kernel 2.6.21 .7\r\n Linux kernel 2.6.21 .6\r\n Linux kernel 2.6.21 .3\r\n Linux kernel 2.6.21 .2\r\n Linux kernel 2.6.21 .1\r\n Linux kernel 2.6.21 -git8\r\n Linux kernel 2.6.21\r\n Linux kernel 2.6.20 .9\r\n Linux kernel 2.6.20 .8\r\n Linux kernel 2.6.20 .7\r\n Linux kernel 2.6.20 .6\r\n Linux kernel 2.6.20 .5\r\n Linux kernel 2.6.20 .4\r\n Linux kernel 2.6.20 .15\r\n Linux kernel 2.6.20 .14\r\n Linux kernel 2.6.20 .12\r\n Linux kernel 2.6.20 .10\r\n Linux kernel 2.6.20 .1\r\n Linux kernel 2.6.20 -git5\r\n Linux kernel 2.6.20\r\n Linux kernel 2.6.19 .4\r\n Linux kernel 2.6.19 .3\r\n Linux kernel 2.6.19 .2\r\n Linux kernel 2.6.19 .1\r\n Linux kernel 2.6.19 -rc4\r\n Linux kernel 2.6.19 -rc3\r\n Linux kernel 2.6.19 -rc2\r\n Linux kernel 2.6.19 -rc1\r\n Linux kernel 2.6.19\r\n Linux kernel 2.6.18 rc7\r\n Linux kernel 2.6.18 rc6\r\n Linux kernel 2.6.18 rc5\r\n Linux kernel 2.6.18 rc4\r\n Linux kernel 2.6.18 rc3\r\n Linux kernel 2.6.18 rc2\r\n Linux kernel 2.6.18 rc1\r\n Linux kernel 2.6.18 .8\r\n Linux kernel 2.6.18 .7\r\n Linux kernel 2.6.18 .6\r\n Linux kernel 2.6.18 .5\r\n Linux kernel 2.6.18 .4\r\n Linux kernel 2.6.18 .4\r\n Linux kernel 2.6.18 .3\r\n Linux kernel 2.6.18 .3\r\n Linux kernel 2.6.18 .2\r\n Linux kernel 2.6.18 .1\r\n Linux kernel 2.6.17 rc6\r\n Linux kernel 2.6.17 rc4\r\n Linux kernel 2.6.17 rc3\r\n Linux kernel 2.6.17 rc2\r\n Linux kernel 2.6.17 rc1\r\n Linux kernel 2.6.17 .9\r\n Linux kernel 2.6.17 .9\r\n Linux kernel 2.6.17 .8\r\n Linux kernel 2.6.17 .8\r\n Linux kernel 2.6.17 .7\r\n Linux kernel 2.6.17 .7\r\n Linux kernel 2.6.17 .6\r\n Linux kernel 2.6.17 .6\r\n Linux kernel 2.6.17 .5\r\n Linux kernel 2.6.17 .5\r\n Linux kernel 2.6.17 .4\r\n Linux kernel 2.6.17 .4\r\n Linux kernel 2.6.17 .3\r\n Linux kernel 2.6.17 .3\r\n Linux kernel 2.6.17 .2\r\n Linux kernel 2.6.17 .2\r\n Linux kernel 2.6.17 .14\r\n Linux kernel 2.6.17 .14\r\n Linux kernel 2.6.17 .13\r\n Linux kernel 2.6.17 .13\r\n Linux kernel 2.6.17 .12\r\n Linux kernel 2.6.17 .12\r\n Linux kernel 2.6.17 .11\r\n Linux kernel 2.6.17 .11\r\n Linux kernel 2.6.17 .10\r\n Linux kernel 2.6.17 .10\r\n Linux kernel 2.6.17 .1\r\n Linux kernel 2.6.17 .1\r\n Linux kernel 2.6.17 -rc5\r\n Linux kernel 2.6.17\r\n Linux kernel 2.6.17\r\n Linux kernel 2.6.16 rc6\r\n Linux kernel 2.6.16 rc5\r\n Linux kernel 2.6.16 rc4\r\n Linux kernel 2.6.16 rc3\r\n Linux kernel 2.6.16 rc2\r\n Linux kernel 2.6.16 27\r\n Linux kernel 2.6.16 13\r\n Linux kernel 2.6.16 .9\r\n Linux kernel 2.6.16 .8\r\n Linux kernel 2.6.16 .8\r\n Linux kernel 2.6.16 .7\r\n Linux kernel 2.6.16 .6\r\n Linux kernel 2.6.16 .53\r\n Linux kernel 2.6.16 .52\r\n Linux kernel 2.6.16 .51\r\n Linux kernel 2.6.16 .50\r\n Linux kernel 2.6.16 .5\r\n Linux kernel 2.6.16 .5\r\n Linux kernel 2.6.16 .49\r\n Linux kernel 2.6.16 .48\r\n Linux kernel 2.6.16 .47\r\n Linux kernel 2.6.16 .46\r\n Linux kernel 2.6.16 .45\r\n Linux kernel 2.6.16 .44\r\n Linux kernel 2.6.16 .43\r\n Linux kernel 2.6.16 .41\r\n Linux kernel 2.6.16 .40\r\n Linux kernel 2.6.16 .4\r\n Linux kernel 2.6.16 .4\r\n Linux kernel 2.6.16 .39\r\n Linux kernel 2.6.16 .38\r\n Linux kernel 2.6.16 .37\r\n Linux kernel 2.6.16 .36\r\n Linux kernel 2.6.16 .35\r\n Linux kernel 2.6.16 .34\r\n Linux kernel 2.6.16 .33\r\n Linux kernel 2.6.16 .32\r\n Linux kernel 2.6.16 .31\r\n Linux kernel 2.6.16 .30\r\n Linux kernel 2.6.16 .3\r\n Linux kernel 2.6.16 .3\r\n Linux kernel 2.6.16 .29\r\n Linux kernel 2.6.16 .28\r\n Linux kernel 2.6.16 .27\r\n Linux kernel 2.6.16 .26\r\n Linux kernel 2.6.16 .25\r\n Linux kernel 2.6.16 .24\r\n Linux kernel 2.6.16 .23\r\n Linux kernel 2.6.16 .23\r\n Linux kernel 2.6.16 .23\r\n Linux kernel 2.6.16 .22\r\n Linux kernel 2.6.16 .21\r\n Linux kernel 2.6.16 .21\r\n Linux kernel 2.6.16 .20\r\n Linux kernel 2.6.16 .2\r\n Linux kernel 2.6.16 .2\r\n Linux kernel 2.6.16 .19\r\n Linux kernel 2.6.16 .18\r\n Linux kernel 2.6.16 .18\r\n Linux kernel 2.6.16 .17\r\n Linux kernel 2.6.16 .17\r\n Linux kernel 2.6.16 .16\r\n Linux kernel 2.6.16 .16\r\n Linux kernel 2.6.16 .15\r\n Linux kernel 2.6.16 .14\r\n Linux kernel 2.6.16 .12\r\n Linux kernel 2.6.16 .11\r\n Linux kernel 2.6.16 .10\r\n Linux kernel 2.6.16 .1\r\n Linux kernel 2.6.16 -rc1\r\n Linux kernel 2.6.16\r\n Linux kernel 2.6.16\r\n Linux kernel 2.6.15 rc7\r\n Linux kernel 2.6.15 .7\r\n Linux kernel 2.6.15 .6\r\n Linux kernel 2.6.15 .6\r\n Linux kernel 2.6.15 .4\r\n Linux kernel 2.6.15 .3\r\n Linux kernel 2.6.15 .3\r\n Linux kernel 2.6.15 .2\r\n Linux kernel 2.6.15 .1\r\n Linux kernel 2.6.15 .1\r\n Linux kernel 2.6.15 -rc6\r\n Linux kernel 2.6.15 -rc5\r\n Linux kernel 2.6.15 -rc4\r\n Linux kernel 2.6.15 -rc3\r\n Linux kernel 2.6.15 -rc2\r\n Linux kernel 2.6.15 -rc1\r\n Linux kernel 2.6.15\r\n Linux kernel 2.6.15\r\n Linux kernel 2.6.14 .7\r\n Linux kernel 2.6.14 .6\r\n Linux kernel 2.6.14 .5\r\n Linux kernel 2.6.14 .5\r\n Linux kernel 2.6.14 .4\r\n Linux kernel 2.6.14 .4\r\n Linux kernel 2.6.14 .3\r\n Linux kernel 2.6.14 .2\r\n Linux kernel 2.6.14 .1\r\n Linux kernel 2.6.14 -rc5\r\n Linux kernel 2.6.14 -rc4\r\n Linux kernel 2.6.14 -rc3\r\n Linux kernel 2.6.14 -rc2\r\n Linux kernel 2.6.14 -rc1\r\n Linux kernel 2.6.14\r\n Linux kernel 2.6.14\r\n Linux kernel 2.6.13 rc5\r\n Linux kernel 2.6.13 rc3\r\n Linux kernel 2.6.13 rc2\r\n Linux kernel 2.6.13 .5\r\n Linux kernel 2.6.13 .4\r\n Linux kernel 2.6.13 .3\r\n Linux kernel 2.6.13 .2\r\n Linux kernel 2.6.13 .1\r\n Linux kernel 2.6.13 -rc7\r\n Linux kernel 2.6.13 -rc6\r\n Linux kernel 2.6.13 -rc4\r\n Linux kernel 2.6.13 -rc1\r\n Linux kernel 2.6.13\r\n Linux kernel 2.6.13\r\n Linux kernel 2.6.12 rc6\r\n Linux kernel 2.6.12 rc3\r\n Linux kernel 2.6.12 rc2\r\n Linux kernel 2.6.12 .6\r\n Linux kernel 2.6.12 .5\r\n Linux kernel 2.6.12 .4\r\n Linux kernel 2.6.12 .3\r\n Linux kernel 2.6.12 .22\r\n Linux kernel 2.6.12 .2\r\n Linux kernel 2.6.12 .12\r\n Linux kernel 2.6.12 .1\r\n Linux kernel 2.6.12 -rc5\r\n Linux kernel 2.6.12 -rc4\r\n Linux kernel 2.6.12 -rc1\r\n Linux kernel 2.6.12\r\n Linux kernel 2.6.12\r\n Linux kernel 2.6.11 rc5\r\n Linux kernel 2.6.11 rc1\r\n Linux kernel 2.6.11 .9\r\n Linux kernel 2.6.11 .8\r\n Linux kernel 2.6.11 .7\r\n Linux kernel 2.6.11 .6\r\n Linux kernel 2.6.11 .5\r\n Linux kernel 2.6.11 .4\r\n Linux kernel 2.6.11 .3\r\n Linux kernel 2.6.11 .2\r\n Linux kernel 2.6.11 .12\r\n Linux kernel 2.6.11 .11\r\n Linux kernel 2.6.11 .10\r\n Linux kernel 2.6.11 .1\r\n Linux kernel 2.6.11 -rc4\r\n Linux kernel 2.6.11 -rc3\r\n Linux kernel 2.6.11 -rc2\r\n Linux kernel 2.6.11\r\n Linux kernel 2.6.11\r\n Linux kernel 2.6.10 rc3\r\n Linux kernel 2.6.10 rc2\r\n Linux kernel 2.6.10 rc1\r\n Linux kernel 2.6.10\r\n Linux kernel 2.6.10\r\n Linux kernel 2.6.9 rc4\r\n Linux kernel 2.6.9 rc3\r\n Linux kernel 2.6.9 rc2\r\n Linux kernel 2.6.9 rc1\r\n Linux kernel 2.6.9 final\r\n Linux kernel 2.6.9\r\n Linux kernel 2.6.9\r\n Linux kernel 2.6.8 rc4\r\n Linux kernel 2.6.8 rc3\r\n Linux kernel 2.6.8 rc2\r\n Linux kernel 2.6.8 rc1\r\n + Ubuntu Ubuntu Linux 4.1 ppc\r\n + Ubuntu Ubuntu Linux 4.1 ia64\r\n + Ubuntu Ubuntu Linux 4.1 ia32\r\n Linux kernel 2.6.8\r\n Linux kernel 2.6.8\r\n Linux kernel 2.6.7 rc3\r\n Linux kernel 2.6.7 rc2\r\n Linux kernel 2.6.7 rc1\r\n Linux kernel 2.6.7\r\n Linux kernel 2.6.7\r\n Linux kernel 2.6.6 rc3\r\n Linux kernel 2.6.6 rc2\r\n Linux kernel 2.6.6 rc1\r\n Linux kernel 2.6.6\r\n Linux kernel 2.6.6\r\n Linux kernel 2.6.5 rc3\r\n Linux kernel 2.6.5 rc2\r\n Linux kernel 2.6.5 rc1\r\n Linux kernel 2.6.5\r\n Linux kernel 2.6.5\r\n Linux kernel 2.6.4 rc3\r\n Linux kernel 2.6.4 rc2\r\n Linux kernel 2.6.4 rc1\r\n Linux kernel 2.6.4\r\n Linux kernel 2.6.4\r\n Linux kernel 2.6.3 rc4\r\n Linux kernel 2.6.3 rc3\r\n Linux kernel 2.6.3 rc2\r\n Linux kernel 2.6.3 rc1\r\n Linux kernel 2.6.3\r\n Linux kernel 2.6.3\r\n Linux kernel 2.6.2 rc3\r\n Linux kernel 2.6.2 rc2\r\n Linux kernel 2.6.2 rc1\r\n Linux kernel 2.6.2\r\n Linux kernel 2.6.2\r\n Linux kernel 2.6.1 rc3\r\n Linux kernel 2.6.1 0\r\n Linux kernel 2.6.1 -rc2\r\n Linux kernel 2.6.1 -rc1\r\n Linux kernel 2.6.1\r\n Linux kernel 2.6 .10\r\n Linux kernel 2.6 -test9-CVS\r\n Linux kernel 2.6 -test9\r\n Linux kernel 2.6 -test8\r\n Linux kernel 2.6 -test7\r\n Linux kernel 2.6 -test6\r\n Linux kernel 2.6 -test5\r\n Linux kernel 2.6 -test4\r\n Linux kernel 2.6 -test3\r\n Linux kernel 2.6 -test2\r\n Linux kernel 2.6 -test11\r\n Linux kernel 2.6 -test10\r\n Linux kernel 2.6 -test1\r\n Linux kernel 2.6\r\n Linux kernel 2.6.8.1\r\n Linux kernel 2.6.8.1\r\n Linux kernel 2.6.38-rc4\r\n Linux kernel 2.6.38-rc2\r\n Linux kernel 2.6.37rc\r\n Linux kernel 2.6.37-rc7\r\n Linux kernel 2.6.37-rc2\r\n Linux kernel 2.6.37-rc1\r\n Linux kernel 2.6.36.2 (stable)\r\n Linux kernel 2.6.36-rc8\r\n Linux kernel 2.6.36-rc6\r\n Linux kernel 2.6.36-rc5\r\n Linux kernel 2.6.36-rc4\r\n Linux kernel 2.6.36-rc1\r\n Linux kernel 2.6.35.5\r\n Linux kernel 2.6.35.4\r\n Linux kernel 2.6.35.1\r\n Linux kernel 2.6.35.1\r\n Linux kernel 2.6.35-rc6\r\n Linux kernel 2.6.35-rc5-git5\r\n Linux kernel 2.6.35-rc5\r\n Linux kernel 2.6.35-rc4\r\n Linux kernel 2.6.35-rc1\r\n Linux kernel 2.6.34.3\r\n Linux kernel 2.6.34.2\r\n Linux kernel 2.6.34.1\r\n Linux kernel 2.6.34-rc6\r\n Linux kernel 2.6.34-rc5\r\n Linux kernel 2.6.34-rc4\r\n Linux kernel 2.6.34-rc2-git1\r\n Linux kernel 2.6.34-rc2\r\n Linux kernel 2.6.34-rc1\r\n Linux kernel 2.6.33.7\r\n Linux kernel 2.6.33-rc8\r\n Linux kernel 2.6.33-rc7\r\n Linux kernel 2.6.33-rc7\r\n Linux kernel 2.6.33-rc6-git5\r\n Linux kernel 2.6.33-rc6\r\n Linux kernel 2.6.33-rc5\r\n Linux kernel 2.6.33-rc4\r\n Linux kernel 2.6.32.8\r\n Linux kernel 2.6.32.7\r\n Linux kernel 2.6.32.6\r\n Linux kernel 2.6.32.5\r\n Linux kernel 2.6.32.4\r\n Linux kernel 2.6.32.3\r\n Linux kernel 2.6.32.28\r\n Linux kernel 2.6.32.22\r\n Linux kernel 2.6.32.2\r\n Linux kernel 2.6.32.18\r\n Linux kernel 2.6.32.17\r\n Linux kernel 2.6.32.16\r\n Linux kernel 2.6.32.15\r\n Linux kernel 2.6.32.14\r\n Linux kernel 2.6.32.13\r\n Linux kernel 2.6.32.12\r\n Linux kernel 2.6.32.11\r\n Linux kernel 2.6.32.10\r\n Linux kernel 2.6.32.1\r\n Linux kernel 2.6.32-rc8\r\n Linux kernel 2.6.32-rc7\r\n Linux kernel 2.6.32-rc5\r\n + Trustix Secure Enterprise Linux 2.0\r\n + Trustix Secure Linux 2.2\r\n + Trustix Secure Linux 2.1\r\n + Trustix Secure Linux 2.0\r\n Linux kernel 2.6.32-rc4\r\n Linux kernel 2.6.32-rc3\r\n Linux kernel 2.6.32-rc2\r\n Linux kernel 2.6.32-rc1\r\n Linux kernel 2.6.31.6\r\n Linux kernel 2.6.31.4\r\n Linux kernel 2.6.31.1\r\n Linux kernel 2.6.31-rc9\r\n Linux kernel 2.6.31-rc8\r\n Linux kernel 2.6.31-rc5-git3\r\n Linux kernel 2.6.31-rc4\r\n Linux kernel 2.6.31-rc2\r\n Linux kernel 2.6.31-git11\r\n + Trustix Secure Enterprise Linux 2.0\r\n + Trustix Secure Linux 2.2\r\n + Trustix Secure Linux 2.1\r\n + Trustix Secure Linux 2.0\r\n Linux kernel 2.6.30.5\r\n Linux kernel 2.6.30.4\r\n Linux kernel 2.6.30.3\r\n Linux kernel 2.6.29-rc2-git1\r\n Linux kernel 2.6.29-rc2\r\n Linux kernel 2.6.29-rc1\r\n Linux kernel 2.6.28.4\r\n Linux kernel 2.6.28.10\r\n Linux kernel 2.6.28-rc7\r\n Linux kernel 2.6.28-rc6\r\n Linux kernel 2.6.28-rc5\r\n Linux kernel 2.6.28-rc5\r\n Linux kernel 2.6.28-rc4\r\n Linux kernel 2.6.27.54\r\n Linux kernel 2.6.27.51\r\n Linux kernel 2.6.27.49\r\n Linux kernel 2.6.27.26\r\n Linux kernel 2.6.27-git3\r\n Linux kernel 2.6.26.1\r\n Linux kernel 2.6.26-rc5-git1\r\n Linux kernel 2.6.25.4\r\n Linux kernel 2.6.25.3\r\n Linux kernel 2.6.25.2\r\n Linux kernel 2.6.25.1\r\n Linux kernel 2.6.25-rc1\r\n Linux kernel 2.6.24.6\r\n Linux kernel 2.6.24.4\r\n Linux kernel 2.6.24.3\r\n Linux kernel 2.6.24-rc2\r\n Linux kernel 2.6.24-rc1\r\n Linux kernel 2.6.24 Rc3\r\n Linux kernel 2.6.24 Rc2\r\n Linux kernel 2.6.23.14\r\n Linux kernel 2.6.23.10\r\n Linux kernel 2.6.23.1\r\n Linux kernel 2.6.23.1\r\n Linux kernel 2.6.23.09\r\n Linux kernel 2.6.23 Rc2\r\n Linux kernel 2.6.22-rc7\r\n Linux kernel 2.6.22-rc1\r\n Linux kernel 2.6.21-RC6\r\n Linux kernel 2.6.21-RC5\r\n Linux kernel 2.6.21-RC4\r\n Linux kernel 2.6.21-RC3\r\n Linux kernel 2.6.20.3\r\n Linux kernel 2.6.20.2\r\n Linux kernel 2.6.20.13\r\n Linux kernel 2.6.20.11\r\n Linux kernel 2.6.20-rc2\r\n Linux kernel 2.6.20-2\r\n Linux kernel 2.6.19 -rc6\r\n Linux kernel 2.6.18.1\r\n Linux kernel 2.6.18-8.1.8.el5\r\n Linux kernel 2.6.18-53\r\n Linux kernel 2.6.18\r\n Linux kernel 2.6.16.9\r\n Linux kernel 2.6.16.7\r\n Linux kernel 2.6.16.19\r\n Linux kernel 2.6.16.13\r\n Linux kernel 2.6.16.12\r\n Linux kernel 2.6.16.11\r\n Linux kernel 2.6.15.5\r\n Linux kernel 2.6.15.5\r\n Linux kernel 2.6.15.4\r\n Linux kernel 2.6.15.11\r\n Linux kernel 2.6.15-27.48\r\n Linux kernel 2.6.14.3\r\n Linux kernel 2.6.14.2\r\n Linux kernel 2.6.14.1\r\n Linux kernel 2.6.13.4\r\n Linux kernel 2.6.13.3\r\n Linux kernel 2.6.13.2\r\n Linux kernel 2.6.13.1\r\n Linux kernel 2.6.12.6\r\n Linux kernel 2.6.12.5\r\n Linux kernel 2.6.12.4\r\n Linux kernel 2.6.12.3\r\n Linux kernel 2.6.12.2\r\n Linux kernel 2.6.12.1\r\n Linux kernel 2.6.11.8\r\n Linux kernel 2.6.11.7\r\n Linux kernel 2.6.11.6\r\n Linux kernel 2.6.11.5\r\n Linux kernel 2.6.11.4\r\n Linux kernel 2.6.11.12\r\n Linux kernel 2.6.11.11\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1922756124ddd53846877416d92ba4a802bc658f", "published": "2011-05-04T00:00:00", "title": "Linux Kernel DRM IOCTL\u672c\u5730\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1013"], "modified": "2011-05-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20512", "id": "SSV:20512", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:03:59", "description": "Bugtraq ID: 47791\r\nCVE ID\uff1aCVE-2011-0726\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\u867d\u7136mm-&gt;start_stack\u53d7cross-uid\u67e5\u770b\u4fdd\u62a4\uff0c\u4f46\u662f\u6ca1\u6709\u5bf9start_code\u548cend_code\u8fdb\u884c\u76f8\u5e94\u7684\u4fdd\u62a4\uff0c\u8fd9\u4e2a\u5141\u8bb8\u6cc4\u9732PIE\u4e24\u8fdb\u5236\u7a0b\u5e8f\u7684text.Location\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u4fe1\u606f\u7ed5\u8fc7ASLR\u4fdd\u62a4\u3002\n\nLinux kernel 2.6.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://lkml.org/lkml/2011/3/11/380", "published": "2011-05-12T00:00:00", "title": "Linux Kernel '/proc/[pid]/stat'\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-0726"], "modified": "2011-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20536", "id": "SSV:20536", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}]}