Test ID:	1.3.6.1.4.1.25623.1.0.871184
Category:	Red Hat Local Security Checks
Title:	RedHat Update for kernel RHSA-2014:0678-02
Summary:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important) All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0196 106646 http://www.osvdb.org/106646 33516 http://www.exploit-db.com/exploits/33516 59218 http://secunia.com/advisories/59218 59262 http://secunia.com/advisories/59262 59599 http://secunia.com/advisories/59599 DSA-2926 http://www.debian.org/security/2014/dsa-2926 DSA-2928 http://www.debian.org/security/2014/dsa-2928 RHSA-2014:0512 http://rhn.redhat.com/errata/RHSA-2014-0512.html SUSE-SU-2014:0667 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SUSE-SU-2014:0683 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html USN-2196-1 http://www.ubuntu.com/usn/USN-2196-1 USN-2197-1 http://www.ubuntu.com/usn/USN-2197-1 USN-2198-1 http://www.ubuntu.com/usn/USN-2198-1 USN-2199-1 http://www.ubuntu.com/usn/USN-2199-1 USN-2200-1 http://www.ubuntu.com/usn/USN-2200-1 USN-2201-1 http://www.ubuntu.com/usn/USN-2201-1 USN-2202-1 http://www.ubuntu.com/usn/USN-2202-1 USN-2203-1 http://www.ubuntu.com/usn/USN-2203-1 USN-2204-1 http://www.ubuntu.com/usn/USN-2204-1 [oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption http://www.openwall.com/lists/oss-security/2014/05/05/6 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://pastebin.com/raw.php?i=yTSFUBgZ http://source.android.com/security/bulletin/2016-07-01.html http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html https://bugzilla.redhat.com/show_bug.cgi?id=1094232 https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.