Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.850491
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for kernel (openSUSE-SU-2013:1042-1)
Zusammenfassung:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The openSUSE 12.2 kernel was updated to fix security issue
and other bugs.

Security issues fixed: CVE-2013-2850: Incorrect strncpy
usage in the network listening part of the iscsi target
driver could have been used by remote attackers to crash
the kernel or execute code.

This required the iscsi target running on the machine and
the attacker able to make a network connection to it (aka
not filtered by firewalls).

CVE-2013-2094: The perf_swevent_init function in
kernel/events/core.c in the Linux kernel used an incorrect
integer data type, which allowed local users to gain
privileges via a crafted perf_event_open system call.

CVE-2013-0290: The __skb_recv_datagram function in
net/core/datagram.c in the Linux kernel did not properly
handle the MSG_PEEK flag with zero-length data, which
allowed local users to cause a denial of service (infinite
loop and system hang) via a crafted application.

Bugs fixed:

- reiserfs: fix spurious multiple-fill in
reiserfs_readdir_dentry (bnc#822722).

- reiserfs: fix problems with chowning setuid file w/
xattrs (bnc#790920).

- qlge: fix dma map leak when the last chunk is not
allocated (bnc#819519).

- Update config files: disable UCB1400 on all but ARM
Currently UCB1400 is only used on ARM OMAP systems, and
part of the code is dead code that can't even be
modularized.

- CONFIG_UCB1400_CORE=n

- CONFIG_TOUCHSCREEN_UCB1400=n

- CONFIG_GPIO_UCB1400=n

- mm/mmap: check for RLIMIT_AS before unmapping
(bnc#818327).

- unix/stream: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290).

- unix/dgram: fix peeking with an offset larger than data
in queue (bnc#803931 CVE-2013-0290).

- unix/dgram: peek beyond 0-sized skbs (bnc#803931
CVE-2013-0290).

Affected Software/OS:
kernel on openSUSE 12.2

Solution:
Please install the updated package(s).

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-0290
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/02/15/2
SuSE Security Announcement: openSUSE-SU-2013:0951 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:1042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2094
http://www.exploit-db.com/exploits/33589
http://news.ycombinator.com/item?id=5703758
http://packetstormsecurity.com/files/121616/semtex.c
http://twitter.com/djrbliss/statuses/334301992648331267
http://www.reddit.com/r/netsec/comments/1eb9iw
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
http://www.openwall.com/lists/oss-security/2013/05/14/6
http://www.osvdb.org/93361
RedHat Security Advisories: RHSA-2013:0830
http://rhn.redhat.com/errata/RHSA-2013-0830.html
SuSE Security Announcement: SUSE-SU-2013:0819 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://www.ubuntu.com/usn/USN-1825-1
http://www.ubuntu.com/usn/USN-1826-1
http://www.ubuntu.com/usn/USN-1827-1
http://www.ubuntu.com/usn/USN-1828-1
http://www.ubuntu.com/usn/USN-1836-1
http://www.ubuntu.com/usn/USN-1838-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2850
http://www.openwall.com/lists/oss-security/2013/06/01/2
SuSE Security Announcement: SUSE-SU-2013:0845 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:1005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:1043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00018.html
http://www.ubuntu.com/usn/USN-1844-1
http://www.ubuntu.com/usn/USN-1845-1
http://www.ubuntu.com/usn/USN-1846-1
http://www.ubuntu.com/usn/USN-1847-1
CopyrightCopyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.