385 matches found
RHEL 5 : kernel (RHSA-2015:0783)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0783 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
kernel: net: sctp: remote memory pressure from excessive queueing
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) regression (USN-2447-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2447-2 advisory. USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update...
[USN-2441-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2441-1 December 12, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
USN-2447-2: Linux kernel (Utopic HWE) regression
USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discover...
USN-2448-2: Linux kernel regression
USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discover...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2446-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2446-1 advisory. Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A...
USN-2447-1: Linux kernel (Utopic HWE) vulnerabilities
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...
USN-2445-1: Linux kernel (Trusty HWE) vulnerabilities
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...
USN-2442-1: Linux kernel (EC2) vulnerabilities
An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine KVM paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the...
USN-2441-1: Linux kernel vulnerabilities
An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine KVM paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)
Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...
Debian Security Advisory DSA 3060-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service: CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial ...
DSA-3060-1 linux - security update
Bulletin has no description...
Oracle Linux 5 : kernel (ELSA-2014-1143)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1143 advisory. - audit auditsc: auditkrule mask accesses need bounds checking Denys Vlasenko 1102702 1102703 CVE-2014-3917 Tenable has extracted the preceding description bloc...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with ...
Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...
Use-after-free in TypeObject — Mozilla
Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition...