openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0677-1)
2014-05-26T00:00:00
ID OPENVAS:1361412562310850586 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2020-01-31T00:00:00
Description
The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
# Copyright (C) 2014 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
# Description phase: when the scanner sets `description`, only the script_*
# registration calls below run and the script leaves via exit(0) at the end of
# this block. No package check is performed in this branch.
if(description)
{
# Identity and revision of this check.
script_oid("1.3.6.1.4.1.25623.1.0.850586");
script_version("2020-01-31T08:23:39+0000");
script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
script_tag(name:"creation_date", value:"2014-05-26 14:37:15 +0530 (Mon, 26 May 2014)");
# Sixteen CVE IDs are registered. Three of them (CVE-2013-6885, CVE-2014-0691,
# CVE-2014-1438) are not mentioned in the truncated "insight" text further down,
# so the advisory itself is needed to see what they cover.
script_cve_id("CVE-2013-4254", "CVE-2013-4579", "CVE-2013-6885", "CVE-2014-0101",
"CVE-2014-0196", "CVE-2014-0691", "CVE-2014-1438", "CVE-2014-1444",
"CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1690", "CVE-2014-1737",
"CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2523", "CVE-2014-2672");
# NOTE(review): a single 10.0 score with a network vector is registered for the
# whole advisory, while the issues highlighted in the insight text are described
# as usable by local attackers. Presumably this is the highest score among the
# listed CVEs rather than a rating of each one - confirm per CVE when prioritising.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0677-1)");
script_tag(name:"affected", value:"kernel on openSUSE 12.3");
# Advisory excerpt shown to the report reader. The string is runtime text and
# is cut off ("Description truncated ...").
# NOTE(review): "tid- sched" inside the string looks like a mangled
# "tid->sched"; it is left untouched here because it is part of the emitted text.
script_tag(name:"insight", value:"The Linux Kernel was updated to fix various security issues and bugs.
Main security issues fixed:
A security issue in the tty layer that was fixed that could be used by
local attackers for code execution (CVE-2014-0196).
Two security issues in the floppy driver were fixed that could be used by
local attackers on machines with the floppy to crash the kernel or
potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).
Other security issues and bugs that were fixed:
- netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
(bnc#860835 CVE-2014-1690).
- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
(bnc#866102, CVE-2014-0101).
- n_tty: Fix a n_tty_write crash and code execution when echoing in raw
mode (bnc#871252 bnc#875690 CVE-2014-0196).
- netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717).
- Update config files: re-enable twofish crypto support Software twofish
crypto support was disabled in several architectures since openSUSE
10.3. For i386 and x86_64 it was on purpose, because
hardware-accelerated alternatives exist. However for all other
architectures it was by accident. Re-enable software twofish crypto
support in arm, ia64 and ppc configuration files, to guarantee that at
least one implementation is always available (bnc#871325).
- Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts
driver only makes sense on the W90x900 architecture, which we do not
support.
- ath9k: protect tid- sched check (bnc#871148, CVE-2014-2672).
- Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug
(bnc#869898).
- SELinux: Fix kernel BUG on empty security contexts
(bnc#863335, CVE-2014-1874).
- hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).
- wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).
- farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).
- ARM: 7809/1: perf: fix event validation for software group leaders
(CVE-2013-4254, bnc#837111).
- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
(bnc#868653, CVE-2014-2523).
- ath9k_htc: properly set MAC address and BSSID mask (bnc#851426,
CVE-2013-4579).
- drm/ttm: don't oops if no invalidate_caches() (bnc#869414).
- Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch
- xfs: growfs: use uncached buffers for new headers (bnc#858233).
- xfs: use btree block initialisation functions in growfs (bnc#858233).
- Revert 'Delete
patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesyst ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"solution", value:"Please install the updated package(s).");
# Detection is declared as package-version based ("vuldetect" text and
# qod_type "package"); the result says which RPMs are installed, nothing more.
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# NOTE(review): only the advisory ID is registered as a cross-reference. No URL
# xref is visible in this block, although the insight text points the reader to
# "the referenced URL(s)".
script_xref(name:"openSUSE-SU", value:"2014:0677-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
# Scheduling preconditions: depends on gather-package-list.nasl and requires the
# keys ssh/login/suse and ssh/login/rpms plus a release key matching
# openSUSE12.3. Presumably these are filled from an authenticated SSH login by
# the dependency - confirm against gather-package-list.nasl.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSE12\.3");
# Registration finished; leave before the check logic that follows this block.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Execution phase: compare every kernel RPM named by openSUSE-SU-2014:0677-1
# against its fixed version and report the ones that are still below it.
#
# NOTE(review): the only test made here is isrpmvuln() on package versions.
# Nothing in this file looks at the kernel that is actually running, so a host
# that installed the fixed RPMs but has not rebooted would presumably not be
# reported - verify the running kernel separately when triaging results.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSE12.3") {

  # Package names in the order their findings are appended to the report.
  kernel_pkg_names = make_list(
    "kernel-default",
    "kernel-default-base",
    "kernel-default-base-debuginfo",
    "kernel-default-debuginfo",
    "kernel-default-debugsource",
    "kernel-default-devel",
    "kernel-default-devel-debuginfo",
    "kernel-syms",
    "kernel-debug",
    "kernel-debug-base",
    "kernel-debug-base-debuginfo",
    "kernel-debug-debuginfo",
    "kernel-debug-debugsource",
    "kernel-debug-devel",
    "kernel-debug-devel-debuginfo",
    "kernel-desktop",
    "kernel-desktop-base",
    "kernel-desktop-base-debuginfo",
    "kernel-desktop-debuginfo",
    "kernel-desktop-debugsource",
    "kernel-desktop-devel",
    "kernel-desktop-devel-debuginfo",
    "kernel-ec2",
    "kernel-ec2-base",
    "kernel-ec2-base-debuginfo",
    "kernel-ec2-debuginfo",
    "kernel-ec2-debugsource",
    "kernel-ec2-devel",
    "kernel-ec2-devel-debuginfo",
    "kernel-trace",
    "kernel-trace-base",
    "kernel-trace-base-debuginfo",
    "kernel-trace-debuginfo",
    "kernel-trace-debugsource",
    "kernel-trace-devel",
    "kernel-trace-devel-debuginfo",
    "kernel-vanilla",
    "kernel-vanilla-debuginfo",
    "kernel-vanilla-debugsource",
    "kernel-vanilla-devel",
    "kernel-vanilla-devel-debuginfo",
    "kernel-xen",
    "kernel-xen-base",
    "kernel-xen-base-debuginfo",
    "kernel-xen-debuginfo",
    "kernel-xen-debugsource",
    "kernel-xen-devel",
    "kernel-xen-devel-debuginfo",
    "kernel-devel",
    "kernel-docs",
    "kernel-source",
    "kernel-source-vanilla",
    "kernel-pae",
    "kernel-pae-base",
    "kernel-pae-base-debuginfo",
    "kernel-pae-debuginfo",
    "kernel-pae-debugsource",
    "kernel-pae-devel",
    "kernel-pae-devel-debuginfo");

  foreach kernel_pkg (kernel_pkg_names) {
    # Every package is checked against release 1.32.1 except kernel-docs,
    # which is checked against 1.32.2.
    fixed_release = "1.32.1";
    if(kernel_pkg == "kernel-docs")
      fixed_release = "1.32.2";

    res = isrpmvuln(pkg:kernel_pkg, rpm:kernel_pkg + "~3.7.10~" + fixed_release, rls:"openSUSE12.3");
    if(!isnull(res))
      report += res;
  }

  # At least one outdated package: hand the collected text to the scanner.
  if(report != "") {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is not defined in this file; presumably pkg-lib-rpm.inc sets it
  # when one of the checked packages was found installed - confirm there.
  # exit(99) is then taken instead of the plain exit(0).
  if(__pkg_match)
    exit(99);

  exit(0);
}

# Any other release string: nothing to check.
exit(0);
{"id": "OPENVAS:1361412562310850586", "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0677-1)", "description": "The remote host is missing an update for the ", "published": "2014-05-26T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850586", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2014:0677-1"], "cvelist": ["CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1874", "CVE-2013-4254", "CVE-2014-1738", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2014-0691", "CVE-2014-1444", "CVE-2014-1438", "CVE-2013-6885", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-1690"], "lastseen": "2020-01-31T18:39:23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UBUNTU_USN-2133-1.NASL", "ORACLELINUX_ELSA-2014-3042.NASL", "EULEROS_SA-2019-1479.NASL", "OPENSUSE-2014-376.NASL", "UBUNTU_USN-2173-1.NASL", "SUSE_11_KERNEL-140513.NASL", "DEBIAN_DSA-2928.NASL", "SUSE_11_COMPAT-WIRELESS-140618.NASL", "REDHAT-RHSA-2014-0520.NASL", "OPENSUSE-2014-375.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0807-1", "OPENSUSE-SU-2014:0677-1", "SUSE-SU-2014:0667-1", "SUSE-SU-2014:0683-1", "SUSE-SU-2014:0696-1", "OPENSUSE-SU-2014:0678-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702928", "OPENVAS:1361412562310850807", "OPENVAS:841734", "OPENVAS:1361412562310850587", "OPENVAS:1361412562310841734", "OPENVAS:1361412562310841738", "OPENVAS:702928", "OPENVAS:841738", "OPENVAS:1361412562310851057", "OPENVAS:1361412562311220191479"]}, {"type": "cve", "idList": ["CVE-2014-2523", "CVE-2013-4579", "CVE-2014-2672", "CVE-2014-0691", "CVE-2014-1445", "CVE-2013-4254", "CVE-2014-1874", "CVE-2014-1444", "CVE-2013-6885", "CVE-2014-1446"]}, {"type": "f5", "idList": ["SOL15317", "F5:K15317", "F5:K15319", "SOL15319"]}, {"type": 
"redhat", "idList": ["RHSA-2014:0520", "RHSA-2014:0439", "RHSA-2014:0557", "RHSA-2014:0801"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2926-1:1D594", "DEBIAN:DSA-2928-1:6623C"]}, {"type": "ubuntu", "idList": ["USN-2228-1", "USN-2173-1", "USN-2134-1", "USN-2227-1", "USN-2223-1", "USN-2133-1", "USN-2174-1", "USN-2224-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3041", "ELSA-2014-3043", "ELSA-2014-3042", "ELSA-2014-3016", "ELSA-2014-0771"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30730", "SECURITYVULNS:DOC:30535", "SECURITYVULNS:DOC:30721"]}], "modified": "2020-01-31T18:39:23", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-01-31T18:39:23", "rev": 2}, "vulnersScore": 7.6}, "pluginID": "1361412562310850586", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850586\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 14:37:15 +0530 (Mon, 26 May 2014)\");\n script_cve_id(\"CVE-2013-4254\", \"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2014-0101\",\n \"CVE-2014-0196\", \"CVE-2014-0691\", \"CVE-2014-1438\", \"CVE-2014-1444\",\n \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\",\n \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\", \"CVE-2014-2672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0677-1)\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"The Linux Kernel was updated to fix various security issues and bugs.\n\n Main security issues fixed:\n\n A security issue in the tty layer that was fixed that could be used by\n local attackers for code execution (CVE-2014-0196).\n\n Two security issues in the floppy driver were fixed that could be used by\n local attackers on machines with the floppy to crash the kernel or\n potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\n Other security issues and bugs that were fixed:\n\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper\n (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH\n (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution 
when echoing in raw\n mode (bnc#871252 bnc#875690 CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717).\n\n - Update config files: re-enable twofish crypto support Software twofish\n crypto support was disabled in several architectures since openSUSE\n 10.3. For i386 and x86_64 it was on purpose, because\n hardware-accelerated alternatives exist. However for all other\n architectures it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to guarantee that at\n least one implementation is always available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts\n driver only makes sense on the W90x900 architecture, which we do not\n support.\n\n - ath9k: protect tid- sched check (bnc#871148, CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug\n (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335, CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software group leaders\n (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages\n (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426,\n CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch\n\n - xfs: growfs: use uncached buffers for new headers (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs (bnc#858233).\n\n - Revert 'Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesyst ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0677-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.3\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.7.10~1.32.2\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", 
rpm:\"kernel-pae-devel-debuginfo~3.7.10~1.32.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks"}
{"nessus": [{"lastseen": "2021-01-20T12:27:38", "description": "The Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugs that were fixed :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when\n echoing in raw mode (bnc#871252 bnc#875690\n CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones\n (bnc#873717).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. 
Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value\n handling bug (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872,\n CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870,\n CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869,\n CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software\n group leaders (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426, CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches()\n (bnc#869414).\n\n - Apply missing\n patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch\n\n - xfs: growfs: use uncached buffers for new headers\n (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs\n (bnc#858233).\n\n - Revert 'Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end.'\n (bnc#858233) Put the patch\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n back, as there is a better fix than\n reverting the affecting patch.\n\n - Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end. 
It turned out that this patch\n causes regressions (bnc#858233) The upstream 3.7.x also\n reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0691).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all\n cifsFileInfo objects are gone (bnc#862145).", "edition": 20, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1874", "CVE-2013-4254", "CVE-2014-1738", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2014-0691", "CVE-2014-1444", "CVE-2014-1438", "CVE-2013-6885", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-1690"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", 
"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", 
"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2014-376.NASL", "href": "https://www.tenable.com/plugins/nessus/75364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75364);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4254\", \"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-0691\", \"CVE-2014-1438\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\", \"CVE-2014-2672\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)\");\n script_summary(english:\"Check for the openSUSE-2014-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution 
(CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugs that were fixed :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when\n echoing in raw mode (bnc#871252 bnc#875690\n CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones\n (bnc#873717).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value\n handling bug (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872,\n CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870,\n CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869,\n CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software\n group leaders (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653, CVE-2014-2523).\n\n - 
ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426, CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches()\n (bnc#869414).\n\n - Apply missing\n patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patc\n h\n\n - xfs: growfs: use uncached buffers for new headers\n (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs\n (bnc#858233).\n\n - Revert 'Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end.' (bnc#858233) Put back again the\n patch\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end back as there is a better fix than\n reverting the affecting patch.\n\n - Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end. It turned out that this patch\n causes regressions (bnc#858233) The upstream 3.7.x also\n reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0691).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all\n cifsFileInfo objects are gone (bnc#862145).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=811746\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869414\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00055.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-source-3.7.10-1.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"kernel-source-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-syms-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-base-3.7.10-1.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", 
reference:\"kernel-trace-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
cpu:\"x86_64\", reference:\"kernel-pae-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", 
reference:\"kernel-vanilla-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:27:38", "description": "This Linux kernel security update fixes various security issues and\nbugs.\n\nThe Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugfixes :\n\n - netfilter: nf_nat: fix access to uninitialized 
buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, CVE-2014-0101).\n\n - [media] ivtv: Fix Oops when no firmware is loaded\n (bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440\n (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit\n (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial\n drivers Specifically, enable USB_SERIAL_WISHBONE and\n USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets\n (bnc#821619,bnc#852656).\n\n - mei: revamp mei reset state machine\n (bnc#821619,bnc#852656).\n\n - mei: use hbm idle state to prevent spurious resets\n (bnc#821619).\n\n - mei: do not run reset flow from the interrupt thread\n (bnc#821619,bnc#852656).\n\n - mei: don't get stuck in select during reset\n (bnc#821619).\n\n - mei: wake also writers on reset (bnc#821619).\n\n - mei: remove flash_work_queue (bnc#821619,bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't\n support MEI interface (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support\n is disabled everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This\n driver is only used on Freescale i.MX systems so it\n isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless explicitly\n specified (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes\n resulted in a 4x performance increase. 
Any external\n users of this API will also want to rebuild their\n modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n -\n patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd\n -pipe.patch: Move include of utsname.h to where it's\n needed to avoid kABI breakage due to utsname becoming\n defined.\n\n - Update kabi files. The kABI references were never\n established at release.\n\n - Refresh patches.rpmify/chipidea-clean-up-dependencies\n Replace OF_DEVICE by OF (OF_DEVICE does not exist\n anymore.)\n\n - inet: fix addr_len/msg->msg_namelen assignment in\n recv_error and rxpmtu functions (bnc#857643\n CVE-2013-7263 CVE-2013-7264 CVE-2013-7265).\n\n - inet: prevent leakage of uninitialized memory to user in\n recv syscalls (bnc#857643 CVE-2013-7263 CVE-2013-7264\n CVE-2013-7265 CVE-2013-7281).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. 
Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - kvm: optimize away THP checks in kvm_is_mmio_pfn()\n (bnc#871160).\n\n - Update patches.fixes/mm-close-PageTail-race.patch\n (bnc#871160).\n\n - Update\n patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.pa\n tch (bnc#871160).\n\n - mm: close PageTail race (bnc#81660).\n\n - mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS\n This helper module is useless on EC2.\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl\n (bnc#858872,CVE-2014-1446).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653 CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426,CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches()\n (bnc#869414).\n\n - Btrfs: do not bug_on if we try to cow a free space cache\n inode (bnc#863235).\n\n - Update vanilla config files: enable console rotation\n It's enabled in all other kernel flavors so it should be\n enabled in vanilla too.\n\n - Update config files. 
(CONFIG_EFIVAR_FS=m) Due to systemd\n can auto-load efivarfs.ko, so set CONFIG_EFIVAR_FS to\n module on x86_64.\n\n - libata, freezer: avoid block device removal while system\n is frozen (bnc#849334).\n\n - Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)\n\n - [media] bttv: don't setup the controls if there are no\n video devices (bnc#861750).\n\n - drm/i915/dp: add native aux defer retry limit\n (bnc#867718).\n\n - drm/i915/dp: increase native aux defer retry timeout\n (bnc#867718).\n\n - rpc_pipe: fix cleanup of dummy gssd directory when\n notification fails (bnc#862746).\n\n - sunrpc: add an 'info' file for the dummy gssd pipe\n (bnc#862746).\n\n - rpc_pipe: remove the clntXX dir if creating the pipe\n fails (bnc#862746).\n\n - Delete rpm/_constraints after mismerge\n\nSat Mar 8 00:41:07 CET 2014 - jbohac@suse.cz\n\n - Refresh\n patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-1\n 28-seconds.patch.\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - rpm/mkspec: Generate a per-architecture per-package\n _constraints file\n\n - rpm/mkspec: Remove dead code\n\n - Refresh\n patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.\n\n - rtc-cmos: Add an alarm disable quirk (bnc#812592).\n\n - Refresh patches.xen/xen-x86-EFI.\n\n - Refresh\n patches.apparmor/apparmor-compatibility-patch-for-v5-net\n work-control.\n patches.drivers/pstore_disable_efi_backend_by_default.pa\n tch. 
patches.fixes/dm-table-switch-to-readonly.\n patches.fixes/kvm-ioapic.patch.\n patches.fixes/kvm-macos.patch.\n patches.fixes/remount-no-shrink-dcache.\n patches.fixes/scsi-dh-queuedata-accessors.\n patches.suse/0001-vfs-Hooks-for-more-fine-grained-direct\n ory-permission.patch.\n patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.\n patches.suse/sd_init.mark_majors_busy.patch.\n\n - rpm/mkspec: Fix whitespace in NoSource lines\n\n - rpm/kernel-binary.spec.in: Do not zero modules.dep\n before using it (bnc#866075)\n\n - rpm/kernel-obs-build.spec: Drop useless ExclusiveArch\n statement\n\n - Update config files. Set CONFIG_EFIVAR_FS to build-in\n for MOK support Update config files. Set\n CONFIG_EFIVAR_FS to build-in for MOK support\n\n - nfs: always make sure page is up-to-date before\n extending a write to cover the entire page (bnc#864867\n bnc#865075).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - Refresh patches.xen/xen3-patch-3.10.\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - rpm/kernel-obs-build.spec: Do not mount /sys, the build\n script does it\n\n - Update config files: Disable TS5500-specific drivers\n These drivers are useless without TS5500 board support:\n mtd-ts5500, gpio-ts5500 and max197.\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - rpm/kernel-obs-build.spec: Fix for ppc64le\n\n - Scripts: .nosrc.rpm should contain only the specfile\n (bnc #639379)\n\n - config: update arm7hl/exynos\n\n - Enhances exynos support :\n\n - Add USB support\n\n - Add sound support\n\n - Add devices (accelerometer, etc.) 
on arndale board\n\n - drm/cirrus: Fix cirrus drm driver for fbdev + qemu\n (bnc#856760).\n\n - Spec: zeroing modules.dep to get identical builds among\n different machines\n\n - doc/README.SUSE: Update to match the current package\n layout\n\n - Add the README.SUSE file to the packaging branch\n\n - lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n\n - mm/page-writeback.c: do not count anon pages as\n dirtyable memory (reclaim stalls).\n\n - mm/page-writeback.c: fix dirty_balance_reserve\n subtraction from dirtyable memory (reclaim stalls).", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2672", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1438", "CVE-2013-6885", "CVE-2013-7281", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-1690"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", 
"p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-pki", 
"p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:xtables-addons", 
"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", 
"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch-test", 
"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:kernel-default-base", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2014-375.NASL", "href": "https://www.tenable.com/plugins/nessus/75363", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75363);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\", \"CVE-2014-0069\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\", \"CVE-2014-2672\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)\");\n script_summary(english:\"Check for the openSUSE-2014-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel security update fixes various security issues and\nbugs.\n\nThe Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugfixes :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, CVE-2014-0101).\n\n - [media] ivtv: Fix Oops when no firmware is loaded\n 
(bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440\n (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit\n (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial\n drivers Specifically, enable USB_SERIAL_WISHBONE and\n USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets\n (bnc#821619,bnc#852656).\n\n - mei: revamp mei reset state machine\n (bnc#821619,bnc#852656).\n\n - mei: use hbm idle state to prevent spurious resets\n (bnc#821619).\n\n - mei: do not run reset flow from the interrupt thread\n (bnc#821619,bnc#852656).\n\n - mei: don't get stuck in select during reset\n (bnc#821619).\n\n - mei: wake also writers on reset (bnc#821619).\n\n - mei: remove flash_work_queue (bnc#821619,bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't\n support MEI interface (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support\n is disabled everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This\n driver is only used on Freescale i.MX systems so it\n isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless explicitly\n specified (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes\n resulted in a 4x performance increase. Any external\n users of this API will also want to rebuild their\n modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n -\n patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd\n -pipe.patch: Move include of utsname.h to where it's\n needed to avoid kABI breakage due to utsname becoming\n defined.\n\n - Update kabi files. 
The kABI references were never\n establishd at release.\n\n - Refresh patches.rpmify/chipidea-clean-up-dependencies\n Replace OF_DEVICE by OF (OF_DEVICE does not exist\n anymore.)\n\n - inet: fix addr_len/msg->msg_namelen assignment in\n recv_error and rxpmtu functions (bnc#857643\n CVE-2013-7263 CVE-2013-7264 CVE-2013-7265).\n\n - inet: prevent leakage of uninitialized memory to user in\n recv syscalls (bnc#857643 CVE-2013-7263 CVE-2013-7264\n CVE-2013-7265 CVE-2013-7281).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - kvm: optimize away THP checks in kvm_is_mmio_pfn()\n (bnc#871160).\n\n - Update patches.fixes/mm-close-PageTail-race.patch\n (bnc#871160).\n\n - Update\n patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.pa\n tch (bnc#871160).\n\n - mm: close PageTail race (bnc#81660).\n\n - mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS\n This helper module is useless on EC2.\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl\n (bnc#858872,CVE-2014-1446).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653 CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426,CVE-2013-4579).\n\n - drm/ttm: don't oops 
if no invalidate_caches()\n (bnc#869414).\n\n - Btrfs: do not bug_on if we try to cow a free space cache\n inode (bnc#863235).\n\n - Update vanilla config files: enable console rotation\n It's enabled in all other kernel flavors so it should be\n enabled in vanilla too.\n\n - Update config files. (CONFIG_EFIVAR_FS=m) Due to systemd\n can auto-load efivarfs.ko, so wet CONFIG_EFIVAR_FS to\n module on x86_64.\n\n - libata, freezer: avoid block device removal while system\n is frozen (bnc#849334).\n\n - Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)\n\n - [media] bttv: don't setup the controls if there are no\n video devices (bnc#861750).\n\n - drm/i915/dp: add native aux defer retry limit\n (bnc#867718).\n\n - drm/i915/dp: increase native aux defer retry timeout\n (bnc#867718).\n\n - rpc_pipe: fix cleanup of dummy gssd directory when\n notification fails (bnc#862746).\n\n - sunrpc: add an 'info' file for the dummy gssd pipe\n (bnc#862746).\n\n - rpc_pipe: remove the clntXX dir if creating the pipe\n fails (bnc#862746).\n\n - Delete rpm/_constraints after mismerge\n\nSat Mar 8 00:41:07 CET 2014 - jbohac@suse.cz\n\n - Refresh\n patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-1\n 28-seconds.patch.\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - rpm/mkspec: Generate a per-architecture per-package\n _constraints file\n\n - rpm/mkspec: Remove dead code\n\n - Refresh\n patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.\n\n - rtc-cmos: Add an alarm disable quirk (bnc#812592).\n\n - Refresh patches.xen/xen-x86-EFI.\n\n - Refresh\n patches.apparmor/apparmor-compatibility-patch-for-v5-net\n work-control.\n patches.drivers/pstore_disable_efi_backend_by_default.pa\n tch. 
patches.fixes/dm-table-switch-to-readonly.\n patches.fixes/kvm-ioapic.patch.\n patches.fixes/kvm-macos.patch.\n patches.fixes/remount-no-shrink-dcache.\n patches.fixes/scsi-dh-queuedata-accessors.\n patches.suse/0001-vfs-Hooks-for-more-fine-grained-direct\n ory-permission.patch.\n patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.\n patches.suse/sd_init.mark_majors_busy.patch.\n\n - rpm/mkspec: Fix whitespace in NoSource lines\n\n - rpm/kernel-binary.spec.in: Do not zero modules.dep\n before using it (bnc#866075)\n\n - rpm/kernel-obs-build.spec: Drop useless ExclusiveArch\n statement\n\n - Update config files. Set CONFIG_EFIVAR_FS to build-in\n for MOK support Update config files. Set\n CONFIG_EFIVAR_FS to build-in for MOK support\n\n - nfs: always make sure page is up-to-date before\n extending a write to cover the entire page (bnc#864867\n bnc#865075).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - Refresh patches.xen/xen3-patch-3.10.\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - rpm/kernel-obs-build.spec: Do not mount /sys, the build\n script does it\n\n - Update config files: Disable TS5500-specific drivers\n These drivers are useless without TS5500 board support:\n mtd-ts5500, gpio-ts5500 and max197.\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - rpm/kernel-obs-build.spec: Fix for ppc64le\n\n - Scripts: .nosrc.rpm should contain only the specfile\n (bnc #639379)\n\n - config: update arm7hl/exynos\n\n - Enhances exynos support :\n\n - Add USB support\n\n - Add sound support\n\n - Add devices (accelerometer, etc.) 
on arndale board\n\n - drm/cirrus: Fix cirrus drm driver for fbdev + qemu\n (bnc#856760).\n\n - Spec: zeroing modules.dep to get identical builds among\n different machines\n\n - doc/README.SUSE: Update to match the current package\n layout\n\n - Add the README.SUSE file to the packaging branch\n\n - lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n\n - mm/page-writeback.c: do not count anon pages as\n dirtyable memory (reclaim stalls).\n\n - mm/page-writeback.c: fix dirty_balance_reserve\n subtraction from dirtyable memory (reclaim stalls).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=639379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=812592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=81660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853350\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=867718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00056.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"ipset-kmp-pae-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"kernel-default-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"openvswitch-controller-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", 
reference:\"kernel-ec2-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.11.10-11.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"kernel-pae-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-11.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.2_01-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:26:49", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "published": "2014-03-10T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2133-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "modified": "2014-03-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2133-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72897);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_xref(name:\"USN\", value:\"2133-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2133-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2133-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2133-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-generic\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-generic-pae\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-highbank\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-virtual\", pkgver:\"3.2.0-60.91\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:09", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The n_tty_write function in drivers/tty/n_tty.c in the\n Linux kernel through 3.14.3 does not properly manage\n tty driver access in the 'LECHO & !OPOST' case, which\n allows local users to cause a denial of service (memory\n corruption and system crash) or gain privileges by\n triggering a race condition involving read and write\n operations with long strings.(CVE-2014-0196)\n\n - Array index error in the aio_read_events_ring function\n in fs/aio.c in the Linux kernel through 3.15.1 allows\n local users to obtain sensitive information from kernel\n memory via a large head value.(CVE-2014-0206)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c\n in the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory by leveraging the CAP_NET_ADMIN capability for\n an SIOCWANDEV ioctl call.(CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in\n the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory via an ioctl call.(CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in\n the Linux kernel before 3.12.8 does not initialize a\n certain structure member, which allows local users to\n obtain sensitive information from kernel memory by\n leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl 
call.(CVE-2014-1446)\n\n - The help function in net/netfilter/nf_nat_irc.c in the\n Linux kernel before 3.12.8 allows remote attackers to\n obtain sensitive information from kernel memory by\n establishing an IRC DCC session in which incorrect\n packet data is transmitted during use of the NAT mangle\n feature.(CVE-2014-1690)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. (CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1737)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. 
(CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1738)\n\n - An information leak flaw was found in the way the Linux\n kernel handled media device enumerate entities IOCTL\n requests. A local user able to access the /dev/media0\n device file could use this flaw to leak kernel memory\n bytes.(CVE-2014-1739)\n\n - The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel\n before 3.13.4 allows local users to cause a denial of\n service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security\n context.(CVE-2014-1874)\n\n - The nfs_can_extend_write function in fs/nfs/write.c in\n the Linux kernel before 3.13.3 relies on a write\n delegation to extend a write operation without a\n certain up-to-date verification, which allows local\n users to obtain sensitive information from kernel\n memory in opportunistic circumstances by writing to a\n file in an NFS filesystem and then reading the same\n file.(CVE-2014-2038)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement\n packets.(CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call\n to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function.(CVE-2014-2523)\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive 
information from kernel memory by leveraging\n the absence of a certain orphaning operation. NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568)\n\n - It was found that a remote attacker could use a race\n condition flaw in the ath_tx_aggr_sleep() function to\n crash the system by creating large network traffic on\n the system's Atheros 9k wireless network\n adapter.(CVE-2014-2672)\n\n - A flaw was found in the way the Linux kernel performed\n forking inside of a transaction. A local, unprivileged\n user on a PowerPC system that supports transactional\n memory could use this flaw to crash the\n system.(CVE-2014-2673)\n\n - A race condition flaw was found in the way the Linux\n kernel's mac80211 subsystem implementation handled\n synchronization between TX and STA wake-up code paths.\n A remote attacker could use this flaw to crash the\n system.(CVE-2014-2706)\n\n - A use-after-free flaw was found in the way the\n ping_init_sock() function of the Linux kernel handled\n the group_info reference counter. A local, unprivileged\n user could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-2851)\n\n - It was found that the try_to_unmap_cluster() function\n in the Linux kernel's Memory Management subsystem did\n not properly handle page locking in certain cases,\n which could potentially trigger the BUG_ON() macro in\n the mlock_vma_page() function. A local, unprivileged\n user could use this flaw to crash the\n system.(CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST\n extension implementations in the sk_run_filter function\n in net/core/filter.c in the Linux kernel through 3.14.3\n do not check whether a certain length value is\n sufficiently large, which allows local users to cause a\n denial of service (integer underflow and system crash)\n via crafted BPF instructions. 
NOTE: the affected code\n was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the\n vulnerability was announced.(CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in\n the sk_run_filter function in net/core/filter.c in the\n Linux kernel through 3.14.3 uses the reverse order in a\n certain subtraction, which allows local users to cause\n a denial of service (over-read and system crash) via\n crafted BPF instructions. NOTE: the affected code was\n moved to the __skb_get_nlattr_nest function before the\n vulnerability was announced.(CVE-2014-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1739", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-0206", "CVE-2014-3145", "CVE-2014-1446", "CVE-2014-2038", "CVE-2014-0196", "CVE-2014-2851", "CVE-2014-2673", "CVE-2014-2309", "CVE-2014-3144", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-2706", "CVE-2014-1690"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1479.NASL", "href": "https://www.tenable.com/plugins/nessus/124803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124803);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-0196\",\n \"CVE-2014-0206\",\n \"CVE-2014-1444\",\n \"CVE-2014-1445\",\n \"CVE-2014-1446\",\n \"CVE-2014-1690\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1739\",\n \"CVE-2014-1874\",\n \"CVE-2014-2038\",\n \"CVE-2014-2309\",\n \"CVE-2014-2523\",\n \"CVE-2014-2568\",\n \"CVE-2014-2672\",\n \"CVE-2014-2673\",\n \"CVE-2014-2706\",\n \"CVE-2014-2851\",\n \"CVE-2014-3122\",\n \"CVE-2014-3144\",\n \"CVE-2014-3145\"\n );\n script_bugtraq_id(\n 64952,\n 64953,\n 64954,\n 65180,\n 65459,\n 65688,\n 66095,\n 66279,\n 66348,\n 66477,\n 66492,\n 66591,\n 66779,\n 67162,\n 67199,\n 67282,\n 67300,\n 67302,\n 67309,\n 67321,\n 68048,\n 68176\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The n_tty_write function in drivers/tty/n_tty.c in the\n Linux kernel through 3.14.3 does not properly manage\n tty driver access in the 'LECHO i1/4+ !OPOST' case, which\n allows local users to cause a denial of service (memory\n corruption and system crash) or gain privileges by\n triggering a race condition involving read and write\n operations with long strings.(CVE-2014-0196)\n\n - Array index error in the aio_read_events_ring function\n in fs/aio.c in the Linux kernel through 3.15.1 allows\n local users to obtain sensitive 
information from kernel\n memory via a large head value.(CVE-2014-0206)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c\n in the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory by leveraging the CAP_NET_ADMIN capability for\n an SIOCWANDEV ioctl call.(CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in\n the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory via an ioctl call.(CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in\n the Linux kernel before 3.12.8 does not initialize a\n certain structure member, which allows local users to\n obtain sensitive information from kernel memory by\n leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\n - The help function in net/netfilter/nf_nat_irc.c in the\n Linux kernel before 3.12.8 allows remote attackers to\n obtain sensitive information from kernel memory by\n establishing an IRC DCC session in which incorrect\n packet data is transmitted during use of the NAT mangle\n feature.(CVE-2014-1690)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. 
(CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1737)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. (CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1738)\n\n - An information leak flaw was found in the way the Linux\n kernel handled media device enumerate entities IOCTL\n requests. 
A local user able to access the /dev/media0\n device file could use this flaw to leak kernel memory\n bytes.(CVE-2014-1739)\n\n - The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel\n before 3.13.4 allows local users to cause a denial of\n service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security\n context.(CVE-2014-1874)\n\n - The nfs_can_extend_write function in fs/nfs/write.c in\n the Linux kernel before 3.13.3 relies on a write\n delegation to extend a write operation without a\n certain up-to-date verification, which allows local\n users to obtain sensitive information from kernel\n memory in opportunistic circumstances by writing to a\n file in an NFS filesystem and then reading the same\n file.(CVE-2014-2038)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement\n packets.(CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call\n to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function.(CVE-2014-2523)\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive information from kernel memory by leveraging\n the absence of a certain orphaning operation. 
NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568)\n\n - It was found that a remote attacker could use a race\n condition flaw in the ath_tx_aggr_sleep() function to\n crash the system by creating large network traffic on\n the system's Atheros 9k wireless network\n adapter.(CVE-2014-2672)\n\n - A flaw was found in the way the Linux kernel performed\n forking inside of a transaction. A local, unprivileged\n user on a PowerPC system that supports transactional\n memory could use this flaw to crash the\n system.(CVE-2014-2673)\n\n - A race condition flaw was found in the way the Linux\n kernel's mac80211 subsystem implementation handled\n synchronization between TX and STA wake-up code paths.\n A remote attacker could use this flaw to crash the\n system.(CVE-2014-2706)\n\n - A use-after-free flaw was found in the way the\n ping_init_sock() function of the Linux kernel handled\n the group_info reference counter. A local, unprivileged\n user could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-2851)\n\n - It was found that the try_to_unmap_cluster() function\n in the Linux kernel's Memory Managment subsystem did\n not properly handle page locking in certain cases,\n which could potentially trigger the BUG_ON() macro in\n the mlock_vma_page() function. A local, unprivileged\n user could use this flaw to crash the\n system.(CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST\n extension implementations in the sk_run_filter function\n in net/core/filter.c in the Linux kernel through 3.14.3\n do not check whether a certain length value is\n sufficiently large, which allows local users to cause a\n denial of service (integer underflow and system crash)\n via crafted BPF instructions. 
NOTE: the affected code\n was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the\n vulnerability was announced.(CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in\n the sk_run_filter function in net/core/filter.c in the\n Linux kernel through 3.14.3 uses the reverse order in a\n certain subtraction, which allows local users to cause\n a denial of service (over-read and system crash) via\n crafted BPF instructions. NOTE: the affected code was\n moved to the __skb_get_nlattr_nest function before the\n vulnerability was announced.(CVE-2014-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1479\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d6a0a29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:14:24", "description": "Updated kernel packages that fix two security issues and one bug are\nnow 
available for Red Hat Enterprise Linux 6.2 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel processed an\nauthenticated COOKIE_ECHO chunk during the initialization of an SCTP\nconnection. A remote attacker could use this flaw to crash the system\nby initiating a specially crafted SCTP handshake in order to trigger a\nNULL pointer dereference on the system. (CVE-2014-0101, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was\nfound in the way the Linux kernel's N_TTY line discipline (LDISC)\nimplementation handled concurrent processing of echo output and TTY\nwrite operations originating from user space when the underlying TTY\ndriver was PTY. An unprivileged, local user could use this flaw to\ncrash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-0196, Important)\n\nRed Hat would like to thank Nokia Siemens Networks for reporting\nCVE-2014-0101.\n\nThis update also fixes the following bug :\n\n* Prior to this update, a guest-provided value was used as the head\nlength of the socket buffer allocated on the host. If the host was\nunder heavy memory load and the guest-provided value was too large,\nthe allocation could have failed, resulting in stalls and packet drops\nin the guest's Tx path. 
With this update, the guest-provided value has\nbeen limited to a reasonable size so that socket buffer allocations on\nthe host succeed regardless of the memory load on the host, and guests\ncan send packets without experiencing packet drops or stalls.\n(BZ#1092349)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.", "edition": 24, "published": "2014-11-08T00:00:00", "title": "RHEL 6 : kernel (RHSA-2014:0520)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0196", "CVE-2014-2523", "CVE-2014-0101"], "modified": "2014-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2014-0520.NASL", "href": "https://www.tenable.com/plugins/nessus/79021", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0520. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79021);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-2523\");\n script_xref(name:\"RHSA\", value:\"2014:0520\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:0520)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.2 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel processed an\nauthenticated COOKIE_ECHO chunk during the initialization of an SCTP\nconnection. A remote attacker could use this flaw to crash the system\nby initiating a specially crafted SCTP handshake in order to trigger a\nNULL pointer dereference on the system. (CVE-2014-0101, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was\nfound in the way the Linux kernel's N_TTY line discipline (LDISC)\nimplementation handled concurrent processing of echo output and TTY\nwrite operations originating from user space when the underlying TTY\ndriver was PTY. 
An unprivileged, local user could use this flaw to\ncrash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-0196, Important)\n\nRed Hat would like to thank Nokia Siemens Networks for reporting\nCVE-2014-0101.\n\nThis update also fixes the following bug :\n\n* Prior to this update, a guest-provided value was used as the head\nlength of the socket buffer allocated on the host. If the host was\nunder heavy memory load and the guest-provided value was too large,\nthe allocation could have failed, resulting in stalls and packet drops\nin the guest's Tx path. With this update, the guest-provided value has\nbeen limited to a reasonable size so that socket buffer allocations on\nthe host succeed regardless of the memory load on the host, and guests\ncan send packets without experiencing packet drops or stalls.\n(BZ#1092349)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0196\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-2523\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2014:0520\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0520\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.51.1.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-doc-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-firmware-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-220.51.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-220.51.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:48:34", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2014-0196\n Jiri Slaby discovered a race condition in the pty layer,\n which could lead to a denial of service or privilege\n escalation.\n\n - CVE-2014-1737 CVE-2014-1738\n Matthew Daley discovered an information leak and missing\n input sanitising in the FDRAWCMD ioctl of the floppy\n driver. 
This could result in a privilege escalation.", "edition": 15, "published": "2014-05-16T00:00:00", "title": "Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "modified": "2014-05-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "id": "DEBIAN_DSA-2928.NASL", "href": "https://www.tenable.com/plugins/nessus/74027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2928. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74027);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(67199, 67300, 67302);\n script_xref(name:\"DSA\", value:\"2928\");\n\n script_name(english:\"Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. 
The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2014-0196\n Jiri Slaby discovered a race condition in the pty layer,\n which could lead to a denial of service or privilege\n escalation.\n\n - CVE-2014-1737 CVE-2014-1738\n Matthew Daley discovered an information leak and missing\n input sanitising in the FDRAWCMD ioctl of the floppy\n driver. This could result in a privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2928\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze6 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. 
Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", 
reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", 
reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:40:43", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix\nthe following severe security issues :\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in\n the Linux kernel through 3.14.3 does not properly handle\n error conditions during processing of an FDRAWCMD ioctl\n call, which allows 
local users to trigger kfree\n operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798).\n (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly\n restrict access to certain pointers during processing of\n an FDRAWCMD ioctl call, which allows local users to\n obtain sensitive information from kernel heap memory by\n leveraging write access to a /dev/fd device.\n (bnc#875798). (CVE-2014-1738)\n\n - The n_tty_write function in drivers/tty/n_tty.c in the\n Linux kernel through 3.14.3 does not properly manage tty\n driver access in the 'LECHO & !OPOST' case, which\n allows local users to cause a denial of service (memory\n corruption and system crash) or gain privileges by\n triggering a race condition involving read and write\n operations with long strings. (bnc#875690).\n (CVE-2014-0196)", "edition": 19, "published": "2014-05-16T00:00:00", "title": "SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9233 / 9236 / 9237)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "modified": "2014-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", 
"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_KERNEL-140513.NASL", "href": "https://www.tenable.com/plugins/nessus/74033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74033);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n\n script_name(english:\"SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9233 / 9236 / 9237)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix\nthe following severe security issues :\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in\n the Linux kernel through 3.14.3 does not properly handle\n error conditions during processing of an FDRAWCMD ioctl\n call, which allows local users to trigger kfree\n operations and gain privileges by leveraging write\n access to a /dev/fd device. 
(bnc#875798).\n (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly\n restrict access to certain pointers during processing of\n an FDRAWCMD ioctl call, which allows local users to\n obtain sensitive information from kernel heap memory by\n leveraging write access to a /dev/fd device.\n (bnc#875798). (CVE-2014-1738)\n\n - The n_tty_write function in drivers/tty/n_tty.c in the\n Linux kernel through 3.14.3 does not properly manage tty\n driver access in the 'LECHO & !OPOST' case, which\n allows local users to cause a denial of service (memory\n corruption and system crash) or gain privileges by\n triggering a race condition involving read and write\n operations with long strings. (bnc#875690).\n (CVE-2014-0196)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0196.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1737.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1738.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 9233 / 9236 / 9237 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", 
value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:3, cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-source-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.29.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-source-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-syms-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", 
reference:\"kernel-ec2-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:28", "description": "Description of changes:\n\n[2.6.39-400.215.3.el6uek]\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) \n[Orabug: 19028380] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output \n(Matthew Daley) [Orabug: 19028444] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew \nDaley) [Orabug: 19028438] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: \n19028416] {CVE-2013-6378}", "edition": 22, "published": "2014-06-23T00:00:00", "title": "Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738"], "modified": "2014-06-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2014-3042.NASL", "href": "https://www.tenable.com/plugins/nessus/76185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3042.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76185);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\");\n script_bugtraq_id(63886, 65459, 67300, 67302);\n\n script_name(english:\"Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.215.3.el6uek]\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) \n[Orabug: 19028380] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output \n(Matthew Daley) [Orabug: 19028444] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew \nDaley) [Orabug: 19028438] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: \n19028416] {CVE-2013-6378}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004200.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004201.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-6378\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2014-3042\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.215.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.215.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.215.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.215.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", 
reference:\"kernel-uek-doc-2.6.39-400.215.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.215.3.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.215.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.215.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.215.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.215.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.215.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.215.3.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:37:42", "description": "This update for the compat-wireless kernel modules provides many fixes\nand enhancements :\n\n - Fix potential crash problem in ath9k. (CVE-2014-2672,\n bnc#871148)\n\n - Fix improper updates of MAC addresses in ath9k_htc.\n (bnc#851426, CVE-2013-4579)\n\n - Fix stability issues in iwlwifi. 
(bnc#865475)\n\n - Improve support for Intel 7625 cards in iwlwifi.\n (bnc#51021)\n\nInstallation notes :\n\nNew driver modules may conflict with old modules, which are\nautomatically loaded from the initrd file after reboot. To apply this\nmaintenance update correctly, the following steps need to be executed\non a SLEPOS system :\n\n - Rebuild image\n\n - Create specific scDistributionContainer with newly built\n initrd and kernel\n\n - Put the updated system image in it as a scPosImage\n object\n\nAlternatively, you can use a kernel parameter to\nenforce using the kernel from the system image :\n\n - Rebuild image\n\n - Set the kernel parameter FORCE_KEXEC, by adding the\n scPxeFileTemplate object under the relevant scPosImage\n object, with the scKernelParameters attribute containing\n 'FORCE_KEXEC=yes'.", "edition": 18, "published": "2014-06-24T00:00:00", "title": "SuSE 11.3 Security Update : compat-wireless, compat-wireless-debuginfo, etc (SAT Patch Number 9414)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2672", "CVE-2013-4579"], "modified": "2014-06-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-xen", "p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-default", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-pae"], "id": "SUSE_11_COMPAT-WIRELESS-140618.NASL", "href": "https://www.tenable.com/plugins/nessus/76198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76198);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2014-2672\");\n\n script_name(english:\"SuSE 11.3 Security Update : compat-wireless, compat-wireless-debuginfo, etc (SAT Patch Number 9414)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the compat-wireless kernel modules provides many fixes\nand enhancements :\n\n - Fix potential crash problem in ath9k. (CVE-2014-2672,\n bnc#871148)\n\n - Fix improper updates of MAC addresses in ath9k_htc.\n (bnc#851426, CVE-2013-4579)\n\n - Fix stability issues in iwlwifi. (bnc#865475)\n\n - Improve support for Intel 7625 cards in iwlwifi.\n (bnc#51021) Installation notes :\n\nNew driver modules may conflict with old modules, which are\nautomatically loaded from the initrd file after reboot. 
To apply this\nmaintenance update correctly, the following steps need to be executed\non a SLEPOS system :\n\n - Rebuild image\n\n - Create specific scDistributionContainer with newly built\n initrd and kernel\n\n - Put the updated system image in it as a scPosImage\n object Alternatively, you can use a kernel parameter to\n enforce using the kernel from the system image :\n\n - Rebuild image\n\n - Set the kernel parameter FORCE_KEXEC, by adding the\n scPxeFileTemplate object under the relevant scPosImage\n object, with the scKernelParameters attribute containing\n 'FORCE_KEXEC=yes'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=883209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4579.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2672.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9414.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-wireless-kmp-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"compat-wireless-kmp-default-3.13_3.0.101_0.31-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"compat-wireless-kmp-pae-3.13_3.0.101_0.31-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"compat-wireless-kmp-xen-3.13_3.0.101_0.31-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"compat-wireless-kmp-default-3.13_3.0.101_0.31-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", 
reference:\"compat-wireless-kmp-xen-3.13_3.0.101_0.31-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:49:28", "description": "Description of changes:\n\nkernel-uek\n[2.6.32-400.36.3.el6uek]\n- fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: \n19028505] {CVE-2014-0203}\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen \nSmalley) [Orabug: 19028381] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output \n(Matthew Daley) [Orabug: 19028446] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew \nDaley) [Orabug: 19028439] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: \n19028417] {CVE-2013-6378}", "edition": 22, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-23T00:00:00", "title": "Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-0203"], "modified": "2014-06-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uekdebug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uek", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uek", 
"p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uek"], "id": "ORACLELINUX_ELSA-2014-3043.NASL", "href": "https://www.tenable.com/plugins/nessus/76186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3043.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76186);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\");\n script_bugtraq_id(63886, 65459, 67300, 67302, 68125);\n\n script_name(english:\"Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.36.3.el6uek]\n- fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: \n19028505] {CVE-2014-0203}\n- SELinux: Fix kernel BUG on empty security contexts. 
(Stephen \nSmalley) [Orabug: 19028381] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output \n(Matthew Daley) [Orabug: 19028446] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew \nDaley) [Orabug: 19028439] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: \n19028417] {CVE-2013-6378}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004204.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004205.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2014-3043\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", 
reference:\"kernel-uek-doc-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-headers-2.6.32-400.36.3.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.36.3.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.36.3.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.36.3.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.36.3.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-headers-2.6.32-400.36.3.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"mlnx_en-2.6.32-400.36.3.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.36.3.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.36.3.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.36.3.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:26:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1874", "CVE-2013-4254", "CVE-2014-1738", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2014-1444", "CVE-2014-1438", "CVE-2013-6885", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-1690"], "description": "The Linux Kernel was updated to fix various security issues and bugs.\n\n Main security issues fixed:\n\n A security issue in the tty layer that was fixed that could be used by\n local attackers for code execution (CVE-2014-0196).\n\n Two security issues in the floppy driver were fixed that could be used by\n local attackers on machines with the floppy to crash the kernel or\n potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\n Other security issues and bugs that were fixed:\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper\n (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH\n (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when echoing in raw\n mode (bnc#871252 bnc#875690 CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones 
(bnc#873717).\n\n - Update config files: re-enable twofish crypto support Software twofish\n crypto support was disabled in several architectures since openSUSE\n 10.3. For i386 and x86_64 it was on purpose, because\n hardware-accelerated alternatives exist. However for all other\n architectures it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to guarantee that at\n least one implementation is always available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts\n driver only makes sense on the W90x900 architecture, which we do not\n support.\n\n - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug\n (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software group leaders\n (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages\n (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426,\n CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch\n\n - xfs: growfs: use uncached buffers for new headers (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs (bnc#858233).\n\n - Revert "Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n ." 
(bnc#858233) Put back again the patch\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n back as there is a better fix than reverting the affecting patch.\n\n - Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n . It turned out that this patch causes regressions (bnc#858233) The\n upstream 3.7.x also reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).\n - tcp: syncookies: reduce mss table to four values (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967\n CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas correctly\n (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638\n CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console() (bnc#733022,\n bnc#852652).\n - balloon: don't crash in HVM-with-PoD guests.\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all cifsFileInfo objects are\n gone (bnc#862145).\n\n", "edition": 1, "modified": "2014-05-19T14:04:14", "published": "2014-05-19T14:04:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00009.html", "id": "OPENSUSE-SU-2014:0677-1", "title": "kernel: security and bugfix update (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:59:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2672", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1438", "CVE-2013-6885", "CVE-2013-7281", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-1690"], "description": "This Linux kernel security update 
fixes various security issues and bugs.\n\n The Linux Kernel was updated to fix various security issues and bugs.\n\n Main security issues fixed:\n\n A security issue in the tty layer was fixed that could be used by\n local attackers for code execution (CVE-2014-0196).\n\n Two security issues in the floppy driver were fixed that could be used by\n local attackers on machines with the floppy to crash the kernel or\n potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\n Other security issues and bugfixes:\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper\n (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH\n (bnc#866102, CVE-2014-0101).\n\n - [media] ivtv: Fix Oops when no firmware is loaded (bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440 (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial drivers Specifically,\n enable USB_SERIAL_WISHBONE and USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets (bnc#821619,bnc#852656).\n - mei: revamp mei reset state machine (bnc#821619,bnc#852656).\n - mei: use hbm idle state to prevent spurious resets (bnc#821619).\n - mei: do not run reset flow from the interrupt thread\n (bnc#821619,bnc#852656).\n - mei: don't get stuck in select during reset (bnc#821619).\n - mei: wake also writers on reset (bnc#821619).\n - mei: remove flash_work_queue (bnc#821619,bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't support MEI interface\n (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support is disabled\n everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This driver is only used\n on Freescale i.MX systems so it isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless 
explicitly specified\n (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes resulted in a 4x\n performance increase. Any external users of this API will also want to\n rebuild their modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n - patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch:\n Move include of utsname.h to where it's needed to avoid kABI breakage\n due to utsname becoming defined.\n\n - Update kabi files. The kABI references were never established at release.\n\n - Refresh patches.rpmify/chipidea-clean-up-dependencies Replace OF_DEVICE\n by OF (OF_DEVICE does not exist anymore.)\n\n - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu\n functions (bnc#857643 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265).\n - inet: prevent leakage of uninitialized memory to user in recv syscalls\n (bnc#857643 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281).\n\n - Update config files: re-enable twofish crypto support Software twofish\n crypto support was disabled in several architectures since openSUSE\n 10.3. For i386 and x86_64 it was on purpose, because\n hardware-accelerated alternatives exist. However for all other\n architectures it was by accident. 
Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to guarantee that at\n least one implementation is always available (bnc#871325).\n\n - kvm: optimize away THP checks in kvm_is_mmio_pfn() (bnc#871160).\n - Update patches.fixes/mm-close-PageTail-race.patch (bnc#871160).\n - Update patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.patch\n (bnc#871160).\n\n - mm: close PageTail race (bnc#81660).\n - mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts\n driver only makes sense on the W90x900 architecture, which we do not\n support.\n\n - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).\n\n - Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS This helper\n module is useless on EC2.\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872,CVE-2014-1446).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages\n (bnc#868653 CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426,CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Btrfs: do not bug_on if we try to cow a free space cache inode\n (bnc#863235).\n\n - Update vanilla config files: enable console rotation It's enabled in all\n other kernel flavors so it should be enabled in vanilla too.\n\n - Update config files. 
(CONFIG_EFIVAR_FS=m) Because systemd can auto-load\n efivarfs.ko, set CONFIG_EFIVAR_FS to module on x86_64.\n\n - libata, freezer: avoid block device removal while system is frozen\n (bnc#849334).\n\n - Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)\n\n - [media] bttv: don't setup the controls if there are no video devices\n (bnc#861750).\n\n - drm/i915/dp: add native aux defer retry limit (bnc#867718).\n - drm/i915/dp: increase native aux defer retry timeout (bnc#867718).\n\n - rpc_pipe: fix cleanup of dummy gssd directory when notification fails\n (bnc#862746).\n - sunrpc: add an "info" file for the dummy gssd pipe (bnc#862746).\n - rpc_pipe: remove the clntXX dir if creating the pipe fails (bnc#862746).\n\n - Delete rpm/_constraints after mismerge\n\n Sat Mar 8 00:41:07 CET 2014 - jbohac@xxxxxxx\n\n - Refresh\n patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-128-seconds.patch.\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).\n - tcp: syncookies: reduce mss table to four values (bnc#833968).\n\n - rpm/mkspec: Generate a per-architecture per-package _constraints file\n\n - rpm/mkspec: Remove dead code\n\n - Refresh patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.\n\n - rtc-cmos: Add an alarm disable quirk (bnc#812592).\n - Refresh patches.xen/xen-x86-EFI.\n\n - Refresh\n patches.apparmor/apparmor-compatibility-patch-for-v5-network-control.\n patches.drivers/pstore_disable_efi_backend_by_default.patch.\n patches.fixes/dm-table-switch-to-readonly.\n patches.fixes/kvm-ioapic.patch. patches.fixes/kvm-macos.patch.\n patches.fixes/remount-no-shrink-dcache.\n patches.fixes/scsi-dh-queuedata-accessors.\n patches.suse/0001-vfs-Hooks-for-more-fine-grained-directory-permission.patc\n h. 
patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.\n patches.suse/sd_init.mark_majors_busy.patch.\n\n - rpm/mkspec: Fix whitespace in NoSource lines\n\n - rpm/kernel-binary.spec.in: Do not zero modules.dep before using it\n (bnc#866075)\n\n - rpm/kernel-obs-build.spec: Drop useless ExclusiveArch statement\n\n - Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support\n Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support\n\n - nfs: always make sure page is up-to-date before extending a write to\n cover the entire page (bnc#864867 bnc#865075).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967\n CVE-2013-6885).\n - Refresh patches.xen/xen3-patch-3.10.\n\n - cifs: ensure that uncached writes handle unmapped areas correctly\n (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638\n CVE-2014-1438).\n\n - rpm/kernel-obs-build.spec: Do not mount /sys, the build script does it\n\n - Update config files: Disable TS5500-specific drivers These drivers are\n useless without TS5500 board support: mtd-ts5500, gpio-ts5500 and max197.\n\n - balloon: don't crash in HVM-with-PoD guests.\n - usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - rpm/kernel-obs-build.spec: Fix for ppc64le\n\n - Scripts: .nosrc.rpm should contain only the specfile (bnc #639379)\n\n - config: update arm7hl/exynos\n - Enhances exynos support:\n * Add USB support\n * Add sound support\n * Add devices (accelerometer, etc.) 
on arndale board\n\n - drm/cirrus: Fix cirrus drm driver for fbdev + qemu (bnc#856760).\n\n - Spec: zeroing modules.dep to get identical builds among different\n machines\n\n - doc/README.SUSE: Update to match the current package layout\n\n - Add the README.SUSE file to the packaging branch\n\n - lockd: send correct lock when granting a delayed lock (bnc#859342).\n\n - mm/page-writeback.c: do not count anon pages as dirtyable memory\n (reclaim stalls).\n - mm/page-writeback.c: fix dirty_balance_reserve subtraction from\n dirtyable memory (reclaim stalls).\n\n", "edition": 1, "modified": "2014-05-19T14:10:36", "published": "2014-05-19T14:10:36", "id": "OPENSUSE-SU-2014:0678-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00010.html", "type": "suse", "title": "kernel: security and bugfix update (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:50", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2014-0196", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6885", "CVE-2014-1445", "CVE-2013-4470", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069"], "edition": 1, "description": "The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize certain data\n structures, which allows local users to cause a denial of service (memory\n corruption and system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt system call and\n sends both short and long packets, related to 
the ip_ufo_append_data\n function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-4579: The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n 3.12 uses a BSSID masking approach to determine the set of MAC addresses\n on which a Wi-Fi device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by sending a series of\n packets to MAC addresses with certain bit manipulations. (bnc#851426)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. 
(bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in\n the Linux kernel before 3.12.8 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. 
(bnc#869563)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in\n the Linux kernel through 3.13.5 does not properly handle uncached write\n operations that copy fewer than the requested number of bytes, which\n allows local users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system crash), or\n possibly gain privileges via a writev system call with a crafted pointer.\n (bnc#864025)\n\n *\n\n CVE-2014-0101: The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not\n validate certain auth_enable and auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers to cause a denial\n of service (NULL pointer dereference and system crash) via an SCTP\n handshake with a modified INIT chunk and a crafted AUTH chunk before a\n COOKIE_ECHO chunk. (bnc#866102)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n *\n\n CVE-2014-1444: The fst_get_iface function in\n drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)\n\n *\n\n CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c\n in the Linux kernel before 3.11.7 does not properly initialize a certain\n data structure, which allows local users to obtain sensitive information\n from kernel memory via an ioctl call. 
(bnc#858870)\n\n *\n\n CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c\n in the Linux kernel before 3.12.8 does not initialize a certain structure\n member, which allows local users to obtain sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call. (bnc#858872)\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1874: The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows\n local users to cause a denial of service (system crash) by leveraging the\n CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335)\n\n *\n\n CVE-2014-2039: arch/s390/kernel/head64.S in the Linux kernel before\n 3.13.5 on the s390 platform does not properly handle attempted use of the\n linkage stack, which allows local users to cause a denial of service\n (system crash) by executing a crafted instruction. 
(bnc#865307)\n\n *\n\n CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows\n remote attackers to cause a denial of service (system crash)\n or possibly execute arbitrary code via a DCCP packet that triggers a\n call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.\n (bnc#868653)\n\n *\n\n CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in\n the Linux kernel through 3.14 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#871561)\n\n *\n\n CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider which pages must be\n locked, which allows local users to cause a denial of service (system\n crash) by triggering a memory-usage pattern that requires removal of\n page-table mappings. 
(bnc#876102)\n\n Also the following non-security bugs have been fixed:\n\n * kabi: protect symbols modified by bnc#864833 fix (bnc#864833).\n * arch: Fix incorrect config symbol in #ifdef (bnc#844513).\n * ACPICA: Add a lock to the internal object reference count mechanism\n (bnc#857499).\n * x86/PCI: reduce severity of host bridge window conflict warnings\n (bnc#858534).\n * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)\n (bnc#874108).\n * timer: Prevent overflow in apply_slack (bnc#873061).\n * xen: Close a race condition in Xen nested spinlock (bnc#858280,\n bnc#819351).\n * storvsc: NULL pointer dereference fix (bnc#865330).\n * sched: Make scale_rt_power() deal with backward clocks (bnc#865310).\n * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri\n check (bnc#871861).\n *\n\n sched: update_rq_clock() must skip ONE update (bnc#868528,\n bnc#869033).\n\n *\n\n md: Change handling of save_raid_disk and metadata update during\n recovery (bnc#849364).\n\n * dm-mpath: Fixup race condition in activate_path() (bnc#708296).\n * dm-mpath: do not detach stale hardware handler (bnc#708296).\n * dm-multipath: Improve logging (bnc#708296).\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).\n *\n\n scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).\n\n *\n\n vfs,proc: guarantee unique inodes in /proc.\n\n * FS-Cache: Handle removal of unadded object to the\n fscache_object_list rb tree (bnc#855885).\n * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure\n (bnc#853455).\n * NFS: Avoid occasional hang with NFS (bnc#852488).\n * NFS: do not try to use lock state when we hold a delegation\n (bnc#831029) - add to series.conf\n * btrfs: do not loop on large offsets in readdir (bnc#863300).\n * btrfs: restrict snapshotting to own subvolumes (bnc#736697).\n * btrfs: fix extent boundary check in bio_readpage_error.\n *\n\n btrfs: fix extent_map 
block_len after merging.\n\n *\n\n net: add missing bh_unlock_sock() calls (bnc#862429).\n\n * inet: Pass inetpeer root into inet_getpeer*() interfaces\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers (bnc#864833).\n * inet: Avoid potential NULL peer dereference (bnc#864833).\n * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).\n * inetpeer: prevent unlinking from unused list twice (bnc#867953).\n * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).\n * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).\n * ipv6: fix race condition regarding dst->expires and dst->from\n (bnc#843185).\n *\n\n ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support,\n warn about missing CREATE flag (bnc#865783).\n\n *\n\n mpt2sas: Do not check DIF for unwritten blocks (bnc#746500,\n bnc#836347).\n\n * mpt2sas: Add a module parameter that permits overriding protection\n capabilities (bnc#746500).\n *\n\n mpt2sas: Return the correct sense key for DIF errors (bnc#746500).\n\n *\n\n s390/cio: Delay scan for newly available I/O devices (bnc#855347,\n bnc#814788, bnc#856083).\n\n * s390/cio: More efficient handling of CHPID availability events\n (bnc#855347, bnc#814788, bnc#856083).\n * s390/cio: Relax subchannel scan loop (bnc#855347, bnc#814788,\n bnc#856083).\n *\n\n s390/css: stop stsch loop after cc 3 (bnc#855347, bnc#814788,\n bnc#856083).\n\n *\n\n supported.conf: Driver corgi_bl was renamed to generic_bl in kernel\n 2.6.29.\n\n * supported.conf: Add drivers/of/of_mdio That was a missing dependency\n for mdio-gpio on ppc64.\n * supported.conf: Fix mdio-gpio module name Module mdio-ofgpio was\n renamed to mdio-gpio in kernel 2.6.29, this should have been\n reflected in supported.conf.\n * supported.conf: Adjust radio-si470x module names\n * Update config files: re-enable twofish crypto support. 
(bnc#871325)\n", "modified": "2014-05-22T02:04:17", "published": "2014-05-22T02:04:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00013.html", "id": "SUSE-SU-2014:0696-1", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel has\n been updated to fix two critical security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. 
(bnc#875690)\n", "edition": 1, "modified": "2014-05-20T19:04:37", "published": "2014-05-20T19:04:37", "id": "SUSE-SU-2014:0683-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the\n following severe security issues:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. 
(bnc#875690)\n\n Security Issues references:\n\n * CVE-2014-0196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196</a>>\n * CVE-2014-1737\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737</a>>\n * CVE-2014-1738\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738</a>>\n", "edition": 1, "modified": "2014-05-16T03:04:20", "published": "2014-05-16T03:04:20", "id": "SUSE-SU-2014:0667-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", "type": "suse", "title": "Security update for Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2013-7027", "CVE-2012-6647", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2013-7339", "CVE-2014-0196", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-3153", "CVE-2013-7263", "CVE-2013-6885", "CVE-2014-2523", "CVE-2014-0101"], "description": "The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security issues have been fixed:\n\n *\n\n CVE-2014-3153: The futex acquisition code in kernel/futex.c can be\n used to gain ring0 access via the futex syscall. This could be used for\n privilege escalation for non root users. 
(bnc#880892)\n\n *\n\n CVE-2012-6647: The futex_wait_requeue_pi function in kernel/futex.c\n in the Linux kernel before 3.5.1 does not ensure that calls have two\n different futex addresses, which allows local users to cause a denial\n of service (NULL pointer dereference and system crash) or possibly\n have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.\n (bnc#878289)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. 
(bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in\n the Linux kernel before 3.12.8 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#869563)\n\n *\n\n CVE-2014-0101: The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not\n validate certain auth_enable and auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers to cause a denial\n of service (NULL pointer dereference and system crash) via an SCTP\n handshake with a modified INIT chunk and a crafted AUTH chunk before a\n COOKIE_ECHO chunk. (bnc#866102)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. 
(bnc#875690)\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1874: The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows\n local users to cause a denial of service (system crash) by leveraging the\n CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335)\n\n *\n\n CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows\n remote attackers to cause a denial of service (system crash)\n or possibly execute arbitrary code via a DCCP packet that triggers a\n call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.\n (bnc#868653)\n\n *\n\n CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in\n the Linux kernel through 3.14 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. 
(bnc#871561)\n\n *\n\n CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider which pages must be\n locked, which allows local users to cause a denial of service (system\n crash) by triggering a memory-usage pattern that requires removal of\n page-table mappings. (bnc#876102)\n\n *\n\n CVE-2013-7027: The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check\n whether a frame contains any data outside of the header, which might allow\n attackers to cause a denial of service (buffer over-read) via a crafted\n header. (bnc#854634)\n\n The following non-security issues have been fixed:\n\n * sched: protect scale_rt_power() from clock aberations (bnc#630970,\n bnc#661605, bnc#865310).\n * sched: fix divide by zero at {thread_group,task}_times (bnc#761774,\n bnc#873070).\n * clocksource: avoid unnecessary overflow in cyclecounter_cyc2ns()\n (bnc#865310).\n * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)\n (bnc#874108).\n * block: Wait for queue cleanup until the queue is empty before queue\n cleanup (bnc#792407).\n * fs: do_add_mount()/umount -l races (bnc#663516).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * nfs: Allow nfsdv4 to work when fips=1 (bnc#868488).\n * inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state\n (bnc#854743).\n * bonding: send unsolicited NA for all addresses (bnc#856756).\n * bonding: send unsolicited neighbour advertisements to all-nodes\n (bnc#856756).\n\n Security Issues references:\n\n * CVE-2012-6647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647</a>>\n * CVE-2013-6382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382</a>>\n * CVE-2013-6885\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>>\n * CVE-2013-7027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2013-7264\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264</a>>\n * CVE-2013-7265\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265</a>>\n * CVE-2013-7339\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339</a>>\n * CVE-2014-0101\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101</a>>\n * CVE-2014-0196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196</a>>\n * CVE-2014-1737\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737</a>>\n * CVE-2014-1738\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738</a>>\n * CVE-2014-1874\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874</a>>\n * CVE-2014-2523\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523</a>>\n * CVE-2014-2678\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678</a>>\n * CVE-2014-3122\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122</a>>\n * CVE-2014-3153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153</a>>\n", "edition": 1, "modified": "2014-06-18T01:04:38", "published": "2014-06-18T01:04:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00022.html", "id": "SUSE-SU-2014:0807-1", "title": "Security update for Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-01-31T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2672", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1438", "CVE-2013-6885", "CVE-2013-7281", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-1690"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-05-26T00:00:00", "id": "OPENVAS:1361412562310850587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850587", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0678-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# 
This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850587\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 15:13:41 +0530 (Mon, 26 May 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\",\n \"CVE-2013-7265\", \"CVE-2013-7281\", \"CVE-2014-0069\", \"CVE-2014-0101\",\n \"CVE-2014-0196\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1690\",\n \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\",\n \"CVE-2014-2672\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0678-1)\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"insight\", value:\"This Linux kernel security update fixes various security issues and bugs.\n\n The Linux Kernel was updated to fix various security issues and bugs.\n\n Main security issues fixed:\n\n A security issue in the tty layer that was fixed that could be used by\n local attackers for code execution 
(CVE-2014-0196).\n\n Two security issues in the floppy driver were fixed that could be used by\n local attackers on machines with the floppy to crash the kernel or\n potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\n Other security issues and bugfixes:\n\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper\n (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH\n (bnc#866102, CVE-2014-0101).\n\n - [media] ivtv: Fix Oops when no firmware is loaded (bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440 (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial drivers Specifically,\n enable USB_SERIAL_WISHBONE and USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets (bnc#821619, bnc#852656).\n\n - mei: revamp mei reset state machine (bnc#821619, bnc#852656).\n\n - mei: use hbm idle state to prevent spurious resets (bnc#821619).\n\n - mei: do not run reset flow from the interrupt thread\n (bnc#821619, bnc#852656).\n\n - mei: don't get stuck in select during reset (bnc#821619).\n\n - mei: wake also writers on reset (bnc#821619).\n\n - mei: remove flash_work_queue (bnc#821619, bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't support MEI interface\n (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support is disabled\n everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This driver is only used\n on Freescale i.MX systems so it isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless explicitly specified\n (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes resulted in a 4x\n performance increase. 
Any external users of this API will also want to\n rebuild their modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n - patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch:\n Move include of utsname.h to where it's needed to avoid kABI breakage\n due to utsname becoming defined.\n\n - Update kabi files. The kABI r ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0678-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.7.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", 
rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", 
rpm:\"iscsitarget~1.4.20.3~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", 
rpm:\"kernel-default-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.19~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch\", rpm:\"openvswitch~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller\", rpm:\"openvswitch-controller~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller-debuginfo\", rpm:\"openvswitch-controller-debuginfo~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debuginfo\", rpm:\"openvswitch-debuginfo~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debugsource\", rpm:\"openvswitch-debugsource~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default\", rpm:\"openvswitch-kmp-default~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default-debuginfo\", rpm:\"openvswitch-kmp-default-debuginfo~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop\", rpm:\"openvswitch-kmp-desktop~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop-debuginfo\", rpm:\"openvswitch-kmp-desktop-debuginfo~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen\", rpm:\"openvswitch-kmp-xen~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen-debuginfo\", rpm:\"openvswitch-kmp-xen-debuginfo~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-pki\", rpm:\"openvswitch-pki~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch\", rpm:\"openvswitch-switch~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch-debuginfo\", rpm:\"openvswitch-switch-debuginfo~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-test\", rpm:\"openvswitch-test~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch\", rpm:\"python-openvswitch~1.11.0~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch-test\", rpm:\"python-openvswitch-test~1.11.0~0.25.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.18~2.12.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.18~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", 
rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.11.10~11.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", 
rpm:\"kernel-ec2-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.2_01~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.11.10~11.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.11.10~11.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", 
rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.11.10_11~11.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.11.10_11~16.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.19_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.11.10_11~13.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.11.10_11~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae\", rpm:\"openvswitch-kmp-pae~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae-debuginfo\", 
rpm:\"openvswitch-kmp-pae-debuginfo~1.11.0_k3.11.10_11~0.25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.11.10_11~258.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.18_k3.11.10_11~2.12.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.2_01_k3.11.10_11~15.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.11.10_11~2.7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2014-0196", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6885", "CVE-2014-1445", "CVE-2013-4470", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851057", "type": "openvas", "title": "SUSE: Security Advisory for Linux (SUSE-SU-2014:0696-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851057\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:07:12 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-4579\", \"CVE-2013-6382\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0069\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\", \"CVE-2014-2678\", \"CVE-2014-3122\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Linux (SUSE-SU-2014:0696-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize certain data\n structures, which allows local users to cause a denial of service (memory\n corruption and system crash) or possibly 
gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt system call and\n sends both short and long packets, related to the ip_ufo_append_data\n function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-4579: The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n 3.12 uses a BSSID masking approach to determine the set of MAC addresses\n on which a Wi-Fi device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by sending a series of\n packets to MAC addresses with certain bit manipulations. (bnc#851426)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. 
(bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an ass ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0696-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T17:43:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310841734", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841734", "type": "openvas", "title": "Ubuntu Update for linux USN-2133-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841734\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:29:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2133-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Mathy Vanhoef discovered an error in the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. 
A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2133-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2133-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic-pae\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-highbank\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-60-omap\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc64-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-virtual\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:17:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "description": "Check for the Version of linux-ti-omap4", "modified": "2017-12-01T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:841738", "href": "http://plugins.openvas.org/nasl.php?oid=841738", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2134-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2134_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2134-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841738);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:31:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2134-1\");\n\n tag_insight = \"Mathy Vanhoef discovered an error in the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. 
(CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2134-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2134-1/\");\n script_summary(\"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1444-omap4\", ver:\"3.2.0-1444.63\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:16:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "description": "Check for the Version of linux", "modified": "2017-12-01T00:00:00", 
"published": "2014-03-12T00:00:00", "id": "OPENVAS:841734", "href": "http://plugins.openvas.org/nasl.php?oid=841734", "type": "openvas", "title": "Ubuntu Update for linux USN-2133-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2133_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux USN-2133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841734);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:29:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2133-1\");\n\n tag_insight = \"Mathy Vanhoef discovered an error in the the way the 
ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\";\n\n tag_affected = \"linux on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2133-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2133-1/\");\n script_summary(\"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic-pae\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-highbank\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-omap\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc64-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-virtual\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-11T17:43:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310841738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841738", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2134-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2134-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841738\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:31:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2134-1\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Mathy Vanhoef discovered an error in the the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. 
A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2134-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2134-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1444-omap4\", ver:\"3.2.0-1444.63\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:42:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1739", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-0206", "CVE-2014-3145", "CVE-2014-1446", 
"CVE-2014-2038", "CVE-2014-0196", "CVE-2014-2851", "CVE-2014-2673", "CVE-2014-2309", "CVE-2014-3144", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-2706", "CVE-2014-1690"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191479", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191479", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1479)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1479\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-0206\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1739\", \"CVE-2014-1874\", \"CVE-2014-2038\", \"CVE-2014-2309\", \"CVE-2014-2523\", \"CVE-2014-2568\", \"CVE-2014-2672\", \"CVE-2014-2673\", \"CVE-2014-2706\", \"CVE-2014-2851\", \"CVE-2014-3122\", \"CVE-2014-3144\", \"CVE-2014-3145\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:51:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1479)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1479\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1479\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1479 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.(CVE-2014-0196)\n\nArray index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.(CVE-2014-0206)\n\nThe fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.(CVE-2014-1444)\n\nThe wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.(CVE-2014-1445)\n\nThe yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\nThe help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.(CVE-2014-1690)\n\nA flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD 
IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.(CVE-2014-1737)\n\nA flaw was found in the way the Linux kernel's floppy driver handled user space provided ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850807", "type": "openvas", "title": "SUSE: Security Advisory for Linux (SUSE-SU-2014:0667-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850807\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Linux (SUSE-SU-2014:0667-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the\n following severe security issues:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. 
(bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the 'LECHO & !OPOST' case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n Security Issues references:\n\n * CVE-2014-0196\n\n * CVE-2014-1737\n\n * CVE-2014-1738\n\n Indications:\n\n Everyone using the Linux Kernel on x86_64 architecture should update.\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\");\n\n script_tag(name:\"affected\", value:\"Linux on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0667-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.2.4_02_3.0.101_0.29~0.7.24\", rls:\"SLES11.0SP3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ppc64-devel\", rpm:\"kernel-ppc64-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.2.4_02_3.0.101_0.29~0.7.24\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.", "modified": "2019-03-18T00:00:00", "published": "2014-05-14T00:00:00", "id": "OPENVAS:1361412562310702928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702928", "type": "openvas", "title": "Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2928.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2928-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702928\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_name(\"Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-14 00:00:00 +0200 (Wed, 14 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2928.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"linux-2.6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 6.0 (squeeze): user-mode-linux 2.6.32-1um-4+48squeeze6\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high 
frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", 
ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", 
ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) 
{\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-28T10:48:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196 \nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738 \nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.", "modified": "2017-07-13T00:00:00", "published": "2014-05-14T00:00:00", "id": "OPENVAS:702928", "href": "http://plugins.openvas.org/nasl.php?oid=702928", "type": "openvas", "title": "Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2928.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 2928-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"linux-2.6 on Debian Linux\";\ntag_insight = \"The Linux kernel is the core of the Linux operating system.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 6.0 (squeeze): user-mode-linux 2.6.32-1um-4+48squeeze6\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\";\ntag_summary = \"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196 \nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738 \nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. 
This could result\nin a privilege escalation.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702928);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_name(\"Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-14 00:00:00 +0200 (Wed, 14 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2928.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", 
ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", 
ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", 
rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-10-03T12:46:09", "description": "The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.", "edition": 3, "cvss3": {}, "published": "2013-11-29T04:33:00", "title": "CVE-2013-6885", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2013-6885"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/h:amd:16h_model_00h_processor:-", "cpe:/h:amd:16h_model_0fh_processor:-", "cpe:/o:amd:16h_model_processor_firmware:-"], "id": "CVE-2013-6885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6885", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:amd:16h_model_0fh_processor:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:16h_model_00h_processor:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:16h_model_processor_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:20", "description": "Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2017-10-24T14:29:00", "title": "CVE-2014-0691", "type": "cve", "cwe": ["CWE-331"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0691"], "modified": "2017-11-14T18:38:00", "cpe": ["cpe:/a:cisco:webex_meetings_server:1.0"], "id": "CVE-2014-0691", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0691", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:44", "description": "The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.", "edition": 5, "cvss3": {}, "published": "2013-08-25T03:27:00", "title": "CVE-2013-4254", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4254"], "modified": "2013-10-02T04:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.10.0", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.10.2"], "id": "CVE-2013-4254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4254", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:arm64:*", 
"cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*"]}, {"lastseen": "2020-12-09T19:52:45", "description": "The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.", "edition": 5, "cvss3": {}, "published": "2013-11-20T13:19:00", "title": "CVE-2013-4579", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4579"], "modified": "2014-03-16T04:39:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", 
"cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", 
"cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.9.11", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", 
"cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", 
"cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-4579", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4579", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:22", "description": "Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.", "edition": 7, "cvss3": {}, "published": "2014-04-01T06:35:00", "title": "CVE-2014-2672", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2672"], "modified": "2020-08-27T17:05:00", "cpe": [], "id": "CVE-2014-2672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2672", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:58:21", "description": "The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.", "edition": 5, "cvss3": {}, "published": "2014-01-18T22:55:00", "title": "CVE-2014-1444", "type": "cve", "cwe": ["CWE-399"], 
"bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1444"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.11.1"], "id": "CVE-2014-1444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1444", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.", "edition": 5, "cvss3": {}, "published": "2014-01-18T22:55:00", "title": "CVE-2014-1445", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1445"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.11.1"], "id": "CVE-2014-1445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1445", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:22", "description": "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.", "edition": 6, "cvss3": {}, "published": "2014-03-24T16:40:00", "title": "CVE-2014-2523", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2523"], "modified": "2020-08-25T13:55:00", "cpe": ["cpe:/o:linux:linux_kernel:3.13.6", "cpe:/o:canonical:ubuntu_linux:10.04"], "id": "CVE-2014-2523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2523", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"]}, {"lastseen": "2020-12-09T19:58:21", "description": "The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.", "edition": 5, "cvss3": {}, "published": "2014-01-18T22:55:00", "title": "CVE-2014-1446", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1446"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/o:linux:linux_kernel:3.12.3", "cpe:/o:linux:linux_kernel:3.12.5", "cpe:/o:linux:linux_kernel:3.12.1", "cpe:/o:linux:linux_kernel:3.12.2", "cpe:/o:linux:linux_kernel:3.12.6", "cpe:/o:linux:linux_kernel:3.12.7", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.12.4"], "id": "CVE-2014-1446", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1446", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:22", "description": "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.", "edition": 7, "cvss3": {}, "published": "2014-02-28T06:18:00", "title": "CVE-2014-1874", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874"], "modified": "2020-08-26T13:33:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:10.04"], "id": "CVE-2014-1874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1874", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": 
["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"]}], "f5": [{"lastseen": "2019-03-12T00:17:20", "bulletinFamily": "software", "cvelist": ["CVE-2014-0101"], "description": "\nF5 Product Development has assigned ID 454180 (BIG-IP), ID 462326 (Enterprise Manager), and ID 462324 (BIG-IQ) to this vulnerability. In addition, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) lists Heuristic 464523 on the **Diagnostics** > **Identified** > **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP AAM| 11.4.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP AFM| 11.3.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP Analytics| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0| Linux kernel \nBIG-IP APM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel \nBIG-IP ASM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel \nBIG-IP GTM| 11.1.0 - 11.5.3| 11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP Link Controller| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP PEM| 11.3.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP PSM| 11.1.0 - 11.4.1| 11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0 \n10.0.0 - 
10.2.4| Linux kernel \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Linux kernel \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Linux kernel \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Linux kernel \nBIG-IQ Cloud and Orchestration| None| 1.0.0| None \nLineRate| None| 2.2.0 - 2.3.1| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). 
\n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2014-06-05T19:56:00", "id": "F5:K15317", "href": "https://support.f5.com/csp/article/K15317", "title": "Linux kernel vulnerability CVE-2014-0101", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0101"], "edition": 1, "description": "The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. 
([CVE-2014-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>))\n", "modified": "2016-07-21T00:00:00", "published": "2014-06-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html", "id": "SOL15317", "title": "SOL15317 - Linux kernel vulnerability CVE-2014-0101", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-12T00:17:20", "bulletinFamily": "software", "cvelist": ["CVE-2014-0196"], "description": "\nF5 Product Development has assigned ID 461646 (BIG-IP), ID 463322 (Enterprise Manager), and ID 463324 (BIG-IQ) to this vulnerability. In addition, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) lists Heuristic H464479 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.1.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8| TTY \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10| TTY \nBIG-IP Analytics| 11.1.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0| TTY \nBIG-IP APM| 11.1.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.1.0 - 10.2.4| TTY 
\nBIG-IP ASM| 11.1.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.1.0 - 10.2.4| TTY \nBIG-IP GTM| 11.1.0 - 11.5.1| 11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP Link Controller| 11.1.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP PEM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.2 - 11.5.3 \n11.5.1 HF5 \n11.5.0 HF5 \n11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10| TTY \nBIG-IP PSM| 11.1.0 - 11.4.1| 11.4.1 HF5 \n11.4.0 HF8 \n11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.3.0 HF10 \n11.2.1 HF12 \n11.0.0 \n10.0.0 - 10.2.4| TTY \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.1.0 - 3.1.1| 3.1.1 HF5 \n3.0.0 \n2.1.0 - 2.3.0| TTY \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| TTY \nBIG-IQ Device| 4.2.0 - 4.5.0| None| TTY \nBIG-IQ Security| 4.0.0 - 4.5.0| None| TTY \nBIG-IQ ADC| 4.5.0| None| TTY \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| TTY \nBIG-IQ Cloud and Orchestration| 1.0.0| None| TTY \nF5 iWorkflow| None| 2.0.0| TTY \nLineRate| None| 2.2.0 - 2.3.1| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. 
\n \nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2014-06-05T19:36:00", "id": "F5:K15319", "href": "https://support.f5.com/csp/article/K15319", "title": "Linux kernel TTY vulnerability CVE-2014-0196", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:28", "bulletinFamily": "software", "cvelist": ["CVE-2014-0196"], "edition": 1, "description": " \n\n\nThe n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. 
([CVE-2014-0196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196>)) \n\n", "modified": "2016-07-21T00:00:00", "published": "2014-06-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html", "id": "SOL15319", "title": "SOL15319 - Linux kernel TTY vulnerability CVE-2014-0196", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-12-11T13:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2523"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel processed an authenticated\nCOOKIE_ECHO chunk during the initialization of an SCTP connection. A remote\nattacker could use this flaw to crash the system by initiating a specially\ncrafted SCTP handshake in order to trigger a NULL pointer dereference on\nthe system. (CVE-2014-0101, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was found\nin the way the Linux kernel's N_TTY line discipline (LDISC) implementation\nhandled concurrent processing of echo output and TTY write operations\noriginating from user space when the underlying TTY driver was PTY.\nAn unprivileged, local user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-0196,\nImportant)\n\nRed Hat would like to thank Nokia Siemens Networks for reporting\nCVE-2014-0101.\n\nThis update also fixes the following bug:\n\n* Prior to this update, a guest-provided value was used as the head length\nof the socket buffer allocated on the host. If the host was under heavy\nmemory load and the guest-provided value was too large, the allocation\ncould have failed, resulting in stalls and packet drops in the guest's Tx\npath. 
With this update, the guest-provided value has been limited to a\nreasonable size so that socket buffer allocations on the host succeed\nregardless of the memory load on the host, and guests can send packets\nwithout experiencing packet drops or stalls. (BZ#1092349)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2015-04-24T14:21:17", "published": "2014-05-20T04:00:00", "id": "RHSA-2014:0520", "href": "https://access.redhat.com/errata/RHSA-2014:0520", "type": "redhat", "title": "(RHSA-2014:0520) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7263", "CVE-2013-7265", "CVE-2014-0069", "CVE-2014-1438", "CVE-2014-1690", "CVE-2014-1874", "CVE-2014-2309", "CVE-2014-2523"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A denial of service flaw was found in the way the Linux kernel's IPv6\nimplementation processed IPv6 router advertisement (RA) packets.\nAn attacker able to send a large number of RA packets to a target system\ncould potentially use this flaw to crash the target system. (CVE-2014-2309,\nImportant)\n\n* A flaw was found in the way the Linux kernel's netfilter connection\ntracking implementation for Datagram Congestion Control Protocol (DCCP)\npackets used the skb_header_pointer() function. A remote attacker could use\nthis flaw to send a specially crafted DCCP packet to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2014-2523,\nImportant)\n\n* A flaw was found in the way the Linux kernel's CIFS implementation\nhandled uncached write operations with specially crafted iovec structures.\nAn unprivileged local user with access to a CIFS share could use this flaw\nto crash the system, leak kernel memory, or, potentially, escalate their\nprivileges on the system. (CVE-2014-0069, Moderate)\n\n* A flaw was found in the way the Linux kernel handled pending Floating\nPoint Unit (FPU) exceptions during the switching of tasks. A local\nattacker could use this flaw to terminate arbitrary processes on the\nsystem, causing a denial of service, or, potentially, escalate their\nprivileges on the system. Note that this flaw only affected systems using\nAMD CPUs on both 32-bit and 64-bit architectures. (CVE-2014-1438, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, CVE-2013-7265, Low)\n\n* An information leak flaw was found in the Linux kernel's netfilter\nconnection tracking IRC NAT helper implementation that could allow a remote\nattacker to disclose portions of kernel stack memory during IRC DCC (Direct\nClient-to-Client) communication over NAT. (CVE-2014-1690, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's\nSELinux implementation handled files with an empty SELinux security\ncontext. A local user who has the CAP_MAC_ADMIN capability could use this\nflaw to crash the system. 
(CVE-2014-1874, Low)\n\nRed Hat would like to thank Al Viro for reporting CVE-2014-0069.\nThe CVE-2014-1690 issue was discovered by Daniel Borkmann of Red Hat.\n\nThis update also fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers are advised to upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct these\nissues, and fix the bugs and add the enhancements noted in the Red Hat\nEnterprise MRG 2 Technical Notes. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2018-06-07T08:58:34", "published": "2014-04-28T04:00:00", "id": "RHSA-2014:0439", "href": "https://access.redhat.com/errata/RHSA-2014:0439", "type": "redhat", "title": "(RHSA-2014:0439) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2014-1738"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. 
(CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\nRed Hat would like to thank Matthew Daley for reporting these issues.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:18:22", "published": "2014-06-26T04:00:00", "id": "RHSA-2014:0801", "href": "https://access.redhat.com/errata/RHSA-2014:0801", "type": "redhat", "title": "(RHSA-2014:0801) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0100", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A race condition leading to a use-after-free flaw was found in the way\nthe Linux kernel's TCP/IP protocol suite implementation handled the\naddition of fragments to the LRU (Last-Recently Used) list under certain\nconditions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system by sending a large\namount of specially crafted fragmented packets to that system.\n(CVE-2014-0100, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was found\nin the way the Linux kernel's N_TTY line discipline (LDISC) implementation\nhandled concurrent processing of echo output and TTY write operations\noriginating from user space when the underlying TTY driver was PTY.\nAn unprivileged, local user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2014-0196,\nImportant)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A use-after-free flaw was found in the way the ping_init_sock() function\nof the Linux kernel handled the group_info reference counter. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2014-2851, Important)\n\n* It was found that a remote attacker could use a race condition flaw in\nthe ath_tx_aggr_sleep() function to crash the system by creating large\nnetwork traffic on the system's Atheros 9k wireless network adapter.\n(CVE-2014-2672, Moderate)\n\n* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2014-2678, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's mac80211\nsubsystem implementation handled synchronization between TX and STA wake-up\ncode paths. 
A remote attacker could use this flaw to crash the system.\n(CVE-2014-2706, Moderate)\n\n* It was found that the try_to_unmap_cluster() function in the Linux\nkernel's Memory Management subsystem did not properly handle page locking in\ncertain cases, which could potentially trigger the BUG_ON() macro in the\nmlock_vma_page() function. A local, unprivileged user could use this flaw\nto crash the system. (CVE-2014-3122, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay\nAleksandrov of Red Hat.\n\nUsers are advised to upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct these\nissues. The system must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:34", "published": "2014-05-27T04:00:00", "id": "RHSA-2014:0557", "href": "https://access.redhat.com/errata/RHSA-2014:0557", "type": "redhat", "title": "(RHSA-2014:0557) Important: kernel-rt security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:11:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196"], "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2928-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nMay 14, 2014 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\n\n Jiri Slaby discovered a race condition in the pty layer, which could lead\n to a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\n\n Matthew Daley discovered an information leak and missing input\n sanitising in the FDRAWCMD ioctl of the floppy driver. This could result\n in a privilege escalation.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+48squeeze6\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. 
Rather, they will be\nreleased in a staggered or "leap-frog" fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-05-14T18:21:42", "published": "2014-05-14T18:21:42", "id": "DEBIAN:DSA-2928-1:6623C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00109.html", "title": "[SECURITY] [DSA 2928-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196", "CVE-2014-2851"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2926-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 12, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851 \n CVE-2014-3122\n\nSeveral vulnerabilities have been discovered in the Linux kernel that \nmay lead to a denial of service, information leaks or privilege \nescalation:\n\nCVE-2014-0196\n\n Jiri Slaby discovered a race condition in the pty layer, which could\n lead to denial of service or privilege escalation.\n\nCVE-2014-1737 / CVE-2014-1738\n\n Matthew Daley discovered that missing input sanitising in the\n FDRAWCMD ioctl and an information leak could result in privilege\n escalation.\n\nCVE-2014-2851\n\n Incorrect reference counting in the ping_init_sock() function allows\n denial of service or privilege escalation.\n\nCVE-2014-3122\n\n Incorrect locking of memory can result in local denial of service.\n\nFor the stable 
distribution (wheezy), these problems have been fixed in\nversion 3.2.57-3+deb7u1. This update also fixes a regression in the isci\ndriver and suspend problems with certain AMD CPUs (introduced in the\nupdated kernel from the Wheezy 7.5 point release).\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n\n\n", "edition": 3, "modified": "2014-05-12T15:59:28", "published": "2014-05-12T15:59:28", "id": "DEBIAN:DSA-2926-1:1D594", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00107.html", "title": "[SECURITY] [DSA 2926-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-7339", "CVE-2013-4579", "CVE-2014-1438"], "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). 
(CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)", "edition": 5, "modified": "2014-03-07T00:00:00", "published": "2014-03-07T00:00:00", "id": "USN-2134-1", "href": "https://ubuntu.com/security/notices/USN-2134-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-7339", "CVE-2013-4579", "CVE-2014-1438"], "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. 
An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)", "edition": 5, "modified": "2014-03-07T00:00:00", "published": "2014-03-07T00:00:00", "id": "USN-2133-1", "href": "https://ubuntu.com/security/notices/USN-2133-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-8709", "CVE-2014-0196", "CVE-2014-2851", "CVE-2014-2309", "CVE-2014-2678", "CVE-2013-4483", "CVE-2014-0077", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-2706"], "description": "A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An \nunprivileged user could exploit this flaw to cause a denial of service \n(system crash) or potentially gain administrator privileges. \n(CVE-2014-0196)\n\nMatthew Daley reported an information leak in the floppy disk driver of the \nLinux kernel. 
An unprivileged local user could exploit this flaw to obtain \npotentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the \nfloppy disk driver in the Linux kernel. An unprivileged local user could \nexploit this flaw to gain administrative privileges if the floppy disk \nmodule is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the Linux kernel's IPC reference counting. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (OOM system crash). (CVE-2013-4483)\n\nAl Viro discovered an error in how CIFS in the Linux kernel handles \nuncached write operations. An unprivileged local user could exploit this \nflaw to cause a denial of service (system crash), obtain sensitive \ninformation from kernel memory, or possibly gain privileges. \n(CVE-2014-0069)\n\nA flaw was discovered in the handling of network packets when mergeable \nbuffers are disabled for virtual machines in the Linux kernel. Guest OS \nusers may exploit this flaw to cause a denial of service (host OS crash) or \npossibly gain privilege on the host OS. (CVE-2014-0077)\n\nA flaw was discovered in the Linux kernel's handling of the SCTP handshake. \nA remote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-0101)\n\nA flaw was discovered in the handling of routing information in Linux \nkernel's IPv6 stack. A remote attacker could exploit this flaw to cause a \ndenial of service (memory consumption) via a flood of ICMPv6 router \nadvertisement packets. (CVE-2014-2309)\n\nAn error was discovered in the Linux kernel's DCCP protocol support. A \nremote attacked could exploit this flaw to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2014-2523)\n\nMax Sydorenko discovered a race condition in the Atheros 9k wireless driver \nin the Linux kernel. 
This race could be exploited by remote attackers to \ncause a denial of service (system crash). (CVE-2014-2672)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol \nstack in the Linux kernel. A local user could exploit this flaw to cause a \ndenial of service (system crash) or possibly have unspecified other impact. \n(CVE-2014-2678)\n\nYaara Rozenblum discovered a race condition in the Linux kernel's Generic \nIEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2014-2706)\n\nA flaw was discovered in the Linux kernel's ping sockets. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \ncrash) or possibly gain privileges via a crafted application. \n(CVE-2014-2851)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the \nmac80211 subsystem of the kernel. A remote attacker could exploit this \nflaw to obtain potentially sensitive cleartext information by reading \npackets. (CVE-2014-8709)", "edition": 5, "modified": "2014-05-27T00:00:00", "published": "2014-05-27T00:00:00", "id": "USN-2227-1", "href": "https://ubuntu.com/security/notices/USN-2227-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2523", "CVE-2014-0101"], "description": "A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-0101)\n\nAn error was discovered in the Linux kernel's DCCP protocol support. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash) or possibly execute arbitrary code. 
(CVE-2014-2523)", "edition": 5, "modified": "2014-04-26T00:00:00", "published": "2014-04-26T00:00:00", "id": "USN-2173-1", "href": "https://ubuntu.com/security/notices/USN-2173-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2523", "CVE-2014-0101"], "description": "A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-0101)\n\nAn error was discovered in the Linux kernel's DCCP protocol support. A \nremote attacked could exploit this flaw to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2014-2523)", "edition": 5, "modified": "2014-04-26T00:00:00", "published": "2014-04-26T00:00:00", "id": "USN-2174-1", "href": "https://ubuntu.com/security/notices/USN-2174-1", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2851", "CVE-2014-2309", "CVE-2014-2678", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-2706"], "description": "Matthew Daley reported an information leak in the floppy disk driver of the \nLinux kernel. An unprivileged local user could exploit this flaw to obtain \npotentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the \nfloppy disk driver in the Linux kernel. An unprivileged local user could \nexploit this flaw to gain administrative privileges if the floppy disk \nmodule is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the vhost-net subsystem of the Linux kernel. 
Guest \nOS users could exploit this flaw to cause a denial of service (host OS \ncrash). (CVE-2014-0055)\n\nA flaw was discovered in the handling of network packets when mergeable \nbuffers are disabled for virtual machines in the Linux kernel. Guest OS \nusers may exploit this flaw to cause a denial of service (host OS crash) or \npossibly gain privilege on the host OS. (CVE-2014-0077)\n\nA flaw was discovered in the Linux kernel's handling of the SCTP handshake. \nA remote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-0101)\n\nA flaw was discovered in the handling of routing information in Linux \nkernel's IPv6 stack. A remote attacker could exploit this flaw to cause a \ndenial of service (memory consumption) via a flood of ICMPv6 router \nadvertisement packets. (CVE-2014-2309)\n\nAn error was discovered in the Linux kernel's DCCP protocol support. A \nremote attacked could exploit this flaw to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2014-2523)\n\nMax Sydorenko discovered a race condition in the Atheros 9k wireless driver \nin the Linux kernel. This race could be exploited by remote attackers to \ncause a denial of service (system crash). (CVE-2014-2672)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol \nstack in the Linux kernel. A local user could exploit this flaw to cause a \ndenial of service (system crash) or possibly have unspecified other impact. \n(CVE-2014-2678)\n\nYaara Rozenblum discovered a race condition in the Linux kernel's Generic \nIEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2014-2706)\n\nA flaw was discovered in the Linux kernel's ping sockets. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \ncrash) or possibly gain privileges via a crafted application. 
\n(CVE-2014-2851)\n\nSasha Levin reported a bug in the Linux kernel's virtual memory management \nsubsystem. An unprivileged local user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2014-3122)", "edition": 5, "modified": "2014-05-27T00:00:00", "published": "2014-05-27T00:00:00", "id": "USN-2224-1", "href": "https://ubuntu.com/security/notices/USN-2224-1", "title": "Linux kernel (Raring HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2672", "CVE-2014-0100", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2851", "CVE-2014-2673", "CVE-2014-2309", "CVE-2014-2678", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-2706"], "description": "Matthew Daley reported an information leak in the floppy disk driver of the \nLinux kernel. An unprivileged local user could exploit this flaw to obtain \npotentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the \nfloppy disk driver in the Linux kernel. An unprivileged local user could \nexploit this flaw to gain administrative privileges if the floppy disk \nmodule is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest \nOS users could exploit this flaw to cause a denial of service (host OS \ncrash). (CVE-2014-0055)\n\nA flaw was discovered in the handling of network packets when mergeable \nbuffers are disabled for virtual machines in the Linux kernel. Guest OS \nusers may exploit this flaw to cause a denial of service (host OS crash) or \npossibly gain privilege on the host OS. (CVE-2014-0077)\n\nNikolay Aleksandrov discovered a race condition in Linux kernel's IPv4 \nfragment handling code. 
Remote attackers could exploit this flaw to cause a \ndenial of service (system crash) or possibly have other unspecified impact. \n(CVE-2014-0100)\n\nA flaw was discovered in the Linux kernel's handling of the SCTP handshake. \nA remote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-0101)\n\nA flaw was discovered in the handling of routing information in Linux \nkernel's IPv6 stack. A remote attacker could exploit this flaw to cause a \ndenial of service (memory consumption) via a flood of ICMPv6 router \nadvertisement packets. (CVE-2014-2309)\n\nAn error was discovered in the Linux kernel's DCCP protocol support. A \nremote attacked could exploit this flaw to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2014-2523)\n\nMax Sydorenko discovered a race condition in the Atheros 9k wireless driver \nin the Linux kernel. This race could be exploited by remote attackers to \ncause a denial of service (system crash). (CVE-2014-2672)\n\nAdhemerval Zanella Neto discovered a flaw the in the Transactional Memory \n(TM) implementation for powerpc based machine. An unprivileged local user \ncould exploit this flaw to cause a denial of service (system crash). \n(CVE-2014-2673)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol \nstack in the Linux kernel. A local user could exploit this flaw to cause a \ndenial of service (system crash) or possibly have unspecified other impact. \n(CVE-2014-2678)\n\nYaara Rozenblum discovered a race condition in the Linux kernel's Generic \nIEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit \nthis flaw to cause a denial of service (system crash). (CVE-2014-2706)\n\nA flaw was discovered in the Linux kernel's ping sockets. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \ncrash) or possibly gain privileges via a crafted application. 
\n(CVE-2014-2851)", "edition": 5, "modified": "2014-05-27T00:00:00", "published": "2014-05-27T00:00:00", "id": "USN-2228-1", "href": "https://ubuntu.com/security/notices/USN-2228-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738"], "description": "[2.6.39-400.215.3]\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028380] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028444] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028438] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028416] {CVE-2013-6378}", "edition": 4, "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3042", "href": "http://linux.oracle.com/errata/ELSA-2014-3042.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-0203"], "description": "kernel-uek\n[2.6.32-400.36.3uek]\n- fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203}\n- SELinux: Fix kernel BUG on empty security contexts. 
(Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378}", "edition": 4, "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3043", "href": "http://linux.oracle.com/errata/ELSA-2014-3043.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-0196", "CVE-2014-2039", "CVE-2014-3153", "CVE-2014-0203"], "description": "[2.6.32-431.20.3]\n- [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]\n- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce 
nesting (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n[2.6.32-431.20.2]\n- [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737}\n- [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737}\n- [fs] vfs: fix autofs/afs/etc magic mountpoint breakage (Frantisek Hrbata) [1094370 1079347] {CVE-2014-0203}\n- [char] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094236 1094237] {CVE-2014-0196}\n[2.6.32-431.20.1]\n- [net] rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set (Jiri Pirko) [1092870 1081282]\n- [net] rtnetlink: Warn when interface's information won't fit in our packet (Jiri Pirko) [1092870 1081282]\n- [net] bridge: Correctly receive hw-accelerated vlan traffic (Vlad Yasevich) [1096214 1067722]\n- [net] vlan: Allow accelerated packets to flow through the bridge (Vlad Yasevich) [1096214 1067722]\n- [infiniband] qib: Add missing serdes init sequence (Doug Ledford) [1080104 1005491]\n- [infiniband] qib: Fix txselect regression (Doug Ledford) [1080104 1005491]\n- [netdrv] ixgbevf: fix vlan acceleration (Nikolay Aleksandrov) [1094287 1069028]\n- [security] selinux: Fix kernel BUG on empty security contexts (Paul Moore) [1062502 1064545] {CVE-2014-1874}\n- [netdrv] libertas: potential oops in debugfs (Denys Vlasenko) [1034176 1034177] {CVE-2013-6378}\n- [kernel] cgroup: move put_css_set() after setting CGRP_RELEASABLE bit to fix notify_on_release (Naoya Horiguchi) [1081909 1037465]\n- [kernel] sched: Use exit hook to avoid use-after-free crash (Naoya Horiguchi) [1081914 1032347]\n- [kernel] cgroup: replace 
list_del() with list_del_init() to avoid panic (Naoya Horiguchi) [1081915 1032343]\n- [x86] turbostat: display C8, C9, C10 residency (Neil Horman) [1096711 1080637]\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp list (Rob Evers) [1086839 1063699]\n- [s390] fix kernel crash due to linkage stack instructions (Hendrik Brueckner) [1067678 1067679] {CVE-2014-2039}\n- [x86] kvm: rate-limit global clock updates (Andrew Jones) [1090750 1072373]\n- [kernel] hrtimers: Move SMP function call to thread context (Mateusz Guzik) [1079869 1073129]\n- [kernel] hrtimers: Support resuming with two or more CPUs online (Mateusz Guzik) [1079869 1073129]\n- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]\n- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- [fs] ext4: fix WARN_ON from ext4_releasepage() (Carlos Maiolino) [1063508 1036814]\n- [fs] vfs: fix getname() && do_getname() interaction (Oleg Nesterov) [1075653 1024689]\n- [x86] apic: Make disabled_cpu_apicid static read_mostly, fix typos (Nigel Croxon) [1082622 980621]\n- [x86] kexec: Add disable_cpu_apicid kernel parameter (Nigel Croxon) [1082622 980621]\n- [kvm] x86: use kvm_read/write_guest_virt_system in task switch (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: small cleanups to kvm_task_switch (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: propagate error from kvm_load_segment_descriptor (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: improve save_guest_segment_descriptor (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: introduce kvm_write_guest_virt_system (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: Fix task switch privilege checks (Paolo Bonzini) [1070296 1018581]\n- 
[powerpc] Make function that parses RTAS error logs global (Steve Best) [1091424 1028682]\n- [powerpc] pseries: Add RTAS event log v6 definition (Steve Best) [1091424 1028682]\n- [powerpc] pseries: Parse and handle EPOW interrupts (Steve Best) [1091424 1028682]\n- [fs] nfsd: don't try to reuse an expired DRC entry off the list (Jeff Layton) [1088779 1036972]\n- [fs] nfsd: when reusing an existing repcache entry, unhash it first (Jeff Layton) [1088779 1036972]\n[2.6.32-431.19.1]\n- [kernel] sched: fix cpu_power initialization (Radim Krcmar) [1091826 1065304]\n- [fs] gfs2: Fix uninitialized VFS inode in gfs2_create_inode (Abhijith Das) [1092002 1059808]\n[2.6.32-431.18.1]\n- [block] fix race between request completion and timeout handling (Jeff Moyer) [1089915 919756]", "edition": 4, "modified": "2014-06-19T00:00:00", "published": "2014-06-19T00:00:00", "id": "ELSA-2014-0771", "href": "http://linux.oracle.com/errata/ELSA-2014-0771.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2523", "CVE-2014-0101"], "description": "kernel-uek\n[2.6.32-400.34.4uek]\n- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462076] {CVE-2014-2523}\n- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461091] {CVE-2014-0101}", "edition": 4, "modified": "2014-03-27T00:00:00", "published": "2014-03-27T00:00:00", "id": "ELSA-2014-3016", "href": "http://linux.oracle.com/errata/ELSA-2014-3016.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1737", "CVE-2014-1738"], "description": "kernel-uek\n[3.8.13-35.1.2.el6uek]\n- floppy: don't write 
kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737}", "edition": 4, "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3041", "href": "http://linux.oracle.com/errata/ELSA-2014-3041.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-2523", "CVE-2014-0101"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2173-1\r\nApril 26, 2014\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA flaw was discovered in the Linux kernel's handling of SCTP handshake. A\r\nremote attacker could exploit this flaw to cause a denial of service\r\n(system crash). (CVE-2014-0101)\r\n\r\nAn error was discovered in the Linux kernel's DCCP protocol support. A\r\nremote attacker could exploit this flaw to cause a denial of service\r\n(system crash) or possibly execute arbitrary code. 
(CVE-2014-2523)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-58-386 2.6.32-58.120\r\n linux-image-2.6.32-58-generic 2.6.32-58.120\r\n linux-image-2.6.32-58-generic-pae 2.6.32-58.120\r\n linux-image-2.6.32-58-ia64 2.6.32-58.120\r\n linux-image-2.6.32-58-lpia 2.6.32-58.120\r\n linux-image-2.6.32-58-powerpc 2.6.32-58.120\r\n linux-image-2.6.32-58-powerpc-smp 2.6.32-58.120\r\n linux-image-2.6.32-58-powerpc64-smp 2.6.32-58.120\r\n linux-image-2.6.32-58-preempt 2.6.32-58.120\r\n linux-image-2.6.32-58-server 2.6.32-58.120\r\n linux-image-2.6.32-58-sparc64 2.6.32-58.120\r\n linux-image-2.6.32-58-sparc64-smp 2.6.32-58.120\r\n linux-image-2.6.32-58-versatile 2.6.32-58.120\r\n linux-image-2.6.32-58-virtual 2.6.32-58.120\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2173-1\r\n CVE-2014-0101, CVE-2014-2523\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-58.120\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30535", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30535", "title": "[USN-2173-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-3122", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-0196", "CVE-2014-2851"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2926-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 12, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux\r\nCVE ID : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851 \r\n CVE-2014-3122\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that \r\nmay lead to a denial of service, information leaks or privilege \r\nescalation:\r\n\r\nCVE-2014-0196\r\n\r\n Jiri Slaby discovered a race condition in the pty layer, which could\r\n lead to denial of service or privilege escalation.\r\n\r\nCVE-2014-1737 / CVE-2014-1738\r\n\r\n Matthew Daley discovered that missing input sanitising in the\r\n FDRAWCMD ioctl and an 
information leak could result in privilege\r\n escalation.\r\n\r\nCVE-2014-2851\r\n\r\n Incorrect reference counting in the ping_init_sock() function allows\r\n denial of service or privilege escalation.\r\n\r\nCVE-2014-3122\r\n\r\n Incorrect locking of memory can result in local denial of service.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 3.2.57-3+deb7u1. This update also fixes a regression in the isci\r\ndriver and suspend problems with certain AMD CPUs (introduced in the\r\nupdated kernel from the Wheezy 7.5 point release).\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTcO+9AAoJEBDCk7bDfE421QQP/j08SKXHiHXcdZmtcP1ifE9P\r\nfBvddKDd9thLxec1bn4VhFDsDMMESvMGV4S62FaAuet7OU8GpX899ctGeZiR4YM6\r\nEKpd86hwWiChs+PPhyEpae9/gX0ZDGJLToE5PyggOa/anpZ39yHT6rDccl/H9rIc\r\nOgFE7ru8je/I1jdeOlqdJLZ2YicM/xLy1gF6WwZFvfKUXHbeJ9cnz5VZR/R1aJCb\r\nYs/rj2QjKDaXvDuW+l+ybQOL6nqevH1upFL4u+kkiOk78q2UoJdyYSeKGLrtIYBW\r\n3SRnY8xHNAtHrldzDjXdFaTqd880/ter5l9OXo9zcR8wUojAqWbSDW+0TC/5CmRL\r\noWa72DuCoxdulsmZQZydxB0U87pudsI2Ez5wiXVXfPWD7Ykwad+j/AV3EBaUEKwi\r\nhnWt+9IFWgIjnVnDbPbwfUkmzRCa58ewo10alxEq/supTrkAU/5xQbEtejt4MYtq\r\nTGy8b51aWg5VYpEze5HrPBPyl2szdOF+j9OhNF08Rh/RMGbzSi3Qamr/xsG1PhBx\r\n+93FcjfembChbPihpUQp7by/2xtT3Td1TA1Q7o3vgKk/bdcmsI1JMdPs46H+AFpi\r\nxRgd1dxxPpCaTTCgVHkp6uykWhQcW+nI87OEv/Ibxdch+qrlPs4BxxTk9uL0OHGa\r\nmlcOLozLVQLTcPYUAGL6\r\n=AqGQ\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30730", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:30730", "title": "[SECURITY] [DSA 2926-1] linux security update", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-1737", "CVE-2014-1738"], "description": "\r\n\r\nHi,\r\n\r\nAs this was posted to linux-distros, and was supposed to be made public\r\nearlier this week, but so far wasn't published on oss-sec ...\r\n\r\nReported by Matthew Daley to security@kernel.org.\r\n\r\nThere apparently exists a proof of concept root exploit, that allows\r\nlocal users with access to a floppy device to execute code in the linux\r\nkernel.\r\n\r\n(I think this needs a floppy driver to actually allow access to a floppy\r\n device. My machine only says "floppy0: no floppy controllers found" today.)\r\n\r\nLinux Kernel Mainline commits:\r\n\r\n2145e15e0557a01b9195d1c7199a1b92cb9be81f\r\nAuthor: Matthew Daley <mattd@bugfuzz.com>\r\nDate: Mon Apr 28 19:05:21 2014 +1200\r\n\r\n floppy: don't write kernel-only members to FDRAWCMD ioctl output\r\n\r\n Do not leak kernel-only floppy_raw_cmd structure members to userspace.\r\n This includes the linked-list pointer and the pointer to the allocated\r\n DMA space.\r\n\r\n Signed-off-by: Matthew Daley <mattd@bugfuzz.com>\r\n References: CVE-2014-1738\r\n Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>\r\n\r\ncommit ef87dbe7614341c2e7bfe8d32fcb7028cc97442c\r\nAuthor: Matthew Daley <mattd@bugfuzz.com>\r\nDate: Mon Apr 28 19:05:20 2014 +1200\r\n\r\n floppy: ignore kernel-only members in FDRAWCMD ioctl input\r\n\r\n Always clear out these floppy_raw_cmd struct members after copying the\r\n entire structure from userspace so that the in-kernel version is always\r\n valid and never left in an interdeterminate state.\r\n\r\n Signed-off-by: Matthew Daley <mattd@bugfuzz.com>\r\n References: CVE-2014-1737\r\n Signed-off-by: Linus 
Torvalds <torvalds@linux-foundation.org>\r\n\r\nCiao, Marcus\r\n\r\n", "edition": 1, "modified": "2014-05-10T00:00:00", "published": "2014-05-10T00:00:00", "id": "SECURITYVULNS:DOC:30721", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30721", "title": "[oss-security] Linux kernel floppy ioctl kernel code execution", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2014-0069", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-02-17T21:05:53", "published": "2014-02-17T21:05:53", "id": "FEDORA:F015721408", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kernel-3.13.3-201.fc20", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}