openSUSE Security Update : kernel modules (openSUSE-2018-551) (Spectre)

This update provides rebuilt kernel modules for openSUSE Leap 42.3 with retpoline enablement to address Spectre Variant 2 CVE-2017-5715 bsc1068032. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

SUSE-SU-2018:1503-1 Security update for oracleasm kmp

This update provides rebuilt kernel modules for SUSE Linux Enterprise 12 SP3 products with retpoline enablement to address Spectre Variant 2 CVE-2017-5715 bsc1068032. Following modules have been rebuilt: - drbd - oracleasm - crash - lttng-modules...

SUSE-SU-2018:1486-1 Security update for HA kernel modules

This update provides rebuilds of HA kernel modules with retpoline support to mitigate Spectre Variant 2 CVE-2017-5715 bsc1068032 cluster fs also received these bugfixes: - backport patch to fix dlmglue false deadlock bnc962257 - Fix for online increase of filesystem in kernel mode fails bsc936517...

SUSE-SU-2018:1465-1 Security update for HA kernel modules

This update provides rebuilds of HA kernel modules with retpoline support to mitigate Spectre Variant 2 CVE-2017-5715 bsc1068032 Also fixed a problem in ocfs2: - backport patch to fix dlmglue false deadlock bsc962257...

Debian DLA-1349-1 : linux-tools security update

This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the 'retpoline' mitigation for CVE-2017-5715 Spectre variant 2. This update also includes bug fixes from the upstream Linux 3.2 stable branch up to and including 3.2.101. For Debian...

Virtuozzo 6 : libvzctl / parallels-kernel-modules / etc (VZA-2017-005)

According to the versions of the libvzctl / parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw found in the way prl-vzvncserver parsed terminal escape sequences that could allow a remote attacker...

CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

Command injection

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

UBUNTU-CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

Ubuntu: Security Advisory (USN-3182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : NTFS-3G vulnerability (USN-3182-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3182-1 advisory. Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to lo...

USN-3182-1 ntfs-3g vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

USN-3182-1: NTFS-3G vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

openSUSE Security Update : virtualbox (openSUSE-2016-1226)

This update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 boo1005621. - Reduce memory needs during build. - Version bump to 5.0.28 released 2016-10-18 by Oracle This is a maintenance...

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

Fedora 22 : xen (2016-8fd9019541)

in systemd only try to load kernel modules that are in Fedora 1291089 x86 software guest page walk PS bit handling flaw XSA-176, CVE-2016-4480 1332657 ---- create link to /usr/bin/qemu-system-i386 from /usr/lib/xen/bin for back compatibility and for virt-manager, cleaner fix for XSA-179 on...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...