openSUSE Security Update : virtualbox (openSUSE-2016-1226)

This update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 boo1005621. - Reduce memory needs during build. - Version bump to 5.0.28 released 2016-10-18 by Oracle This is a maintenance...

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

Fedora 22 : xen (2016-8fd9019541)

in systemd only try to load kernel modules that are in Fedora 1291089 x86 software guest page walk PS bit handling flaw XSA-176, CVE-2016-4480 1332657 ---- create link to /usr/bin/qemu-system-i386 from /usr/lib/xen/bin for back compatibility and for virt-manager, cleaner fix for XSA-179 on...

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-pcmcia-modules-2.4.18-1-686 package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals locally...

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The kernel-pcmcia-modules-2.4.18-1-k7 package in the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3502 advisory. - KEYS: Don't permit requestkey to construct a new keyring David Howells Orabug: 22373449 CVE-2015-7872 - crypto: add missing crypto module aliases...

openSUSE Security Update : dracut (openSUSE-2015-846)

This update for dracut fixes the following issues : - Skip ibft setup via dhcp if dhcp ip is 0.0.0.0 boo953361 Added 0312-iscsi-skip-ibft-invalid-dhcp.patch - Modify 0169-enabled-warning-for-failed-kernel-modules-per-defau l.patch - Add notice boo952491 - Refresh patches with line offsets: M...

RHEL 7 : kernel (RHSA-2015:2152)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2152 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file...

SUSE-SU-2015:1545-1 Security update for conntrack-tools

Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. bsc942149, CVE-2015-6496...

CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service crash via a 1 DCCP, 2 SCTP, or 3 ICMPv6 packet...

Code injection

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service crash via a 1 DCCP, 2 SCTP, or 3 ICMPv6 packet...

CVE-2015-6496

CVE-2015-6496 affects conntrackd in conntrack-tools 1.4.2 and earlier, where optional kernel modules may not be loaded before use. This can crash the daemon (denial of service) when processing DCCP, SCTP, or ICMPv6 traffic. Public advisories and vendor updates document the fix in newer packages (...

Android 'Serialization' Vulnerability Affects 55 Percent of Devices

Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about. I...

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the kernel-pcmcia-modules-2.4.27-3-686-smp package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

GLSA-201503-13 : BusyBox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201503-13 BusyBox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can load kernel modules...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20150305)

A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. CVE-2015-0274, Important It was found that...

Ubuntu: Security Advisory (USN-2546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandriva Linux Security Advisory : kernel (MDVSA-2015:057)

Multiple vulnerabilities has been found and corrected in the Linux kernel : The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a parenthesized module template expression in the salgname field, as...

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a parenthesized module template expression in the salgname field, as demonstrated by the vfataes expression, a different vulnerability than...