Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2013.0759.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2013:0759-1)
Zusammenfassung:The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2013:0759-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2013:0759-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.74 fix various security issues and bugs:

This update brings some features:

* Updated HD-audio drivers for Nvidia/AMD HDMI and Haswell audio (FATE#314311 FATE#313695)
* Lustre enablement patches were added (FATE#314679).
* SGI UV (Ultraviolet) platform support. (FATE#306952)

Security issues fixed in this update:

* CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel did not properly copy a certain name field, which allowed local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.
* CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel allowed local users to cause a denial of service (crash) and to possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
* CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application.
* CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application.
* CVE-2013-0160: Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed by not updating accessed/modified time on the pty devices.
Note that this might break pty idle detection, so it might get reverted again.
* CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
* CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages.
* CVE-2013-0311: The translate_desc function in drivers/vhost/vhost.c in the Linux kernel did not properly handle cross-region descriptors, which allowed guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.
* CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.
* CVE-2013-0914: The ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux kernel' package(s) on SLE 11, SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise High Availability Extension 11 SP2, SUSE Linux Enterprise Server 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-2137
BugTraq ID: 54063
http://www.securityfocus.com/bid/54063
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html
RedHat Security Advisories: RHSA-2012:0743
http://rhn.redhat.com/errata/RHSA-2012-0743.html
http://secunia.com/advisories/50952
http://secunia.com/advisories/50961
SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://ubuntu.com/usn/usn-1529-1
http://www.ubuntu.com/usn/USN-1594-1
http://www.ubuntu.com/usn/USN-1606-1
http://ubuntu.com/usn/usn-1607-1
http://www.ubuntu.com/usn/USN-1609-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-6548
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/03/05/13
RedHat Security Advisories: RHSA-2013:1051
http://rhn.redhat.com/errata/RHSA-2013-1051.html
SuSE Security Announcement: openSUSE-SU-2013:1187 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
http://www.ubuntu.com/usn/USN-1805-1
http://www.ubuntu.com/usn/USN-1808-1
http://www.ubuntu.com/usn/USN-1809-1
http://www.ubuntu.com/usn/USN-1811-1
http://www.ubuntu.com/usn/USN-1812-1
http://www.ubuntu.com/usn/USN-1813-1
http://www.ubuntu.com/usn/USN-1814-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-6549
http://www.ubuntu.com/usn/USN-1829-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0160
http://www.openwall.com/lists/oss-security/2013/01/08/3
SuSE Security Announcement: SUSE-SU-2013:0674 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
SuSE Security Announcement: SUSE-SU-2013:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
SuSE Security Announcement: openSUSE-SU-2013:0395 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0216
http://www.openwall.com/lists/oss-security/2013/02/05/12
Common Vulnerability Exposure (CVE) ID: CVE-2013-0231
BugTraq ID: 57740
http://www.securityfocus.com/bid/57740
Debian Security Information: DSA-2632 (Google Search)
http://www.debian.org/security/2013/dsa-2632
http://www.openwall.com/lists/oss-security/2013/02/05/9
http://osvdb.org/89903
http://secunia.com/advisories/52059
XForce ISS Database: xen-pcibackenablemsi-dos(81923)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81923
Common Vulnerability Exposure (CVE) ID: CVE-2013-0268
http://www.openwall.com/lists/oss-security/2013/02/07/12
Common Vulnerability Exposure (CVE) ID: CVE-2013-0311
http://www.openwall.com/lists/oss-security/2013/02/20/6
RedHat Security Advisories: RHSA-2013:0496
http://rhn.redhat.com/errata/RHSA-2013-0496.html
RedHat Security Advisories: RHSA-2013:0579
http://rhn.redhat.com/errata/RHSA-2013-0579.html
RedHat Security Advisories: RHSA-2013:0882
http://rhn.redhat.com/errata/RHSA-2013-0882.html
RedHat Security Advisories: RHSA-2013:0928
http://rhn.redhat.com/errata/RHSA-2013-0928.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0349
http://www.openwall.com/lists/oss-security/2013/02/23/3
RedHat Security Advisories: RHSA-2013:0744
http://rhn.redhat.com/errata/RHSA-2013-0744.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0913
https://lkml.org/lkml/2013/3/11/501
http://openwall.com/lists/oss-security/2013/03/11/6
http://openwall.com/lists/oss-security/2013/03/13/9
http://openwall.com/lists/oss-security/2013/03/14/22
SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0914
http://www.openwall.com/lists/oss-security/2013/03/11/8
SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1787-1
http://www.ubuntu.com/usn/USN-1788-1
http://www.ubuntu.com/usn/USN-1792-1
http://www.ubuntu.com/usn/USN-1793-1
http://www.ubuntu.com/usn/USN-1794-1
http://www.ubuntu.com/usn/USN-1795-1
http://www.ubuntu.com/usn/USN-1796-1
http://www.ubuntu.com/usn/USN-1797-1
http://www.ubuntu.com/usn/USN-1798-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1767
http://www.openwall.com/lists/oss-security/2013/02/25/23
Common Vulnerability Exposure (CVE) ID: CVE-2013-1772
http://www.openwall.com/lists/oss-security/2013/02/26/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-1774
http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/
http://www.openwall.com/lists/oss-security/2013/02/27/29
SuSE Security Announcement: SUSE-SU-2013:1474 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1792
http://www.openwall.com/lists/oss-security/2013/03/07/1
SuSE Security Announcement: openSUSE-SU-2014:0204 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1796
BugTraq ID: 58607
http://www.securityfocus.com/bid/58607
http://www.openwall.com/lists/oss-security/2013/03/20/9
RedHat Security Advisories: RHSA-2013:0727
http://rhn.redhat.com/errata/RHSA-2013-0727.html
RedHat Security Advisories: RHSA-2013:0746
http://rhn.redhat.com/errata/RHSA-2013-0746.html
RedHat Security Advisories: RHSA-2013:1026
http://rhn.redhat.com/errata/RHSA-2013-1026.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1797
Common Vulnerability Exposure (CVE) ID: CVE-2013-1798
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1848
http://www.openwall.com/lists/oss-security/2013/03/20/8
Common Vulnerability Exposure (CVE) ID: CVE-2013-1860
BugTraq ID: 58510
http://www.securityfocus.com/bid/58510
http://www.openwall.com/lists/oss-security/2013/03/15/3
RedHat Security Advisories: RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RedHat Security Advisories: RHSA-2014:0339
http://rhn.redhat.com/errata/RHSA-2014-0339.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2634
http://www.openwall.com/lists/oss-security/2013/03/20/1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2635
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.