
Test ID: 1.3.6.1.4.1.25623.1.1.4.2014.0189.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2014:0189-1)
Summary: The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2014:0189-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes.

A new feature was added:

* supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309)

The following security bugs have been fixed:

* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)

* CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)

* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)

* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)

* CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053)

* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)

* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)

* CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)

* CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux kernel' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise High Availability Extension 11 SP3, SUSE Linux Enterprise Desktop 11 SP3, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2146
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/06/05/23
RedHat Security Advisories: RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2930
RedHat Security Advisories: RHSA-2014:0100
http://rhn.redhat.com/errata/RHSA-2014-0100.html
http://www.ubuntu.com/usn/USN-2068-1
http://www.ubuntu.com/usn/USN-2070-1
http://www.ubuntu.com/usn/USN-2071-1
http://www.ubuntu.com/usn/USN-2072-1
http://www.ubuntu.com/usn/USN-2074-1
http://www.ubuntu.com/usn/USN-2075-1
http://www.ubuntu.com/usn/USN-2076-1
http://www.ubuntu.com/usn/USN-2112-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4345
BugTraq ID: 62740
http://www.securityfocus.com/bid/62740
http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2
RedHat Security Advisories: RHSA-2013:1449
http://rhn.redhat.com/errata/RHSA-2013-1449.html
RedHat Security Advisories: RHSA-2013:1490
http://rhn.redhat.com/errata/RHSA-2013-1490.html
RedHat Security Advisories: RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
http://www.ubuntu.com/usn/USN-2064-1
http://www.ubuntu.com/usn/USN-2065-1
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2158-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4483
http://www.openwall.com/lists/oss-security/2013/10/30/4
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
RedHat Security Advisories: RHSA-2015:0284
http://rhn.redhat.com/errata/RHSA-2015-0284.html
SuSE Security Announcement: openSUSE-SU-2014:0247
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4511
http://www.openwall.com/lists/oss-security/2013/11/04/22
SuSE Security Announcement: openSUSE-SU-2014:0204
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0205
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
http://www.ubuntu.com/usn/USN-2036-1
http://www.ubuntu.com/usn/USN-2037-1
http://www.ubuntu.com/usn/USN-2066-1
http://www.ubuntu.com/usn/USN-2067-1
http://www.ubuntu.com/usn/USN-2069-1
http://www.ubuntu.com/usn/USN-2073-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4514
BugTraq ID: 63509
http://www.securityfocus.com/bid/63509
Common Vulnerability Exposure (CVE) ID: CVE-2013-4515
Common Vulnerability Exposure (CVE) ID: CVE-2013-4587
http://www.openwall.com/lists/oss-security/2013/12/12/12
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4592
http://www.openwall.com/lists/oss-security/2013/11/18/3
http://www.ubuntu.com/usn/USN-2111-1
http://www.ubuntu.com/usn/USN-2114-1
http://www.ubuntu.com/usn/USN-2115-1
http://www.ubuntu.com/usn/USN-2116-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6367
BugTraq ID: 64270
http://www.securityfocus.com/bid/64270
RedHat Security Advisories: RHSA-2013:1801
http://rhn.redhat.com/errata/RHSA-2013-1801.html
RedHat Security Advisories: RHSA-2014:0163
http://rhn.redhat.com/errata/RHSA-2014-0163.html
RedHat Security Advisories: RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6368
BugTraq ID: 64291
http://www.securityfocus.com/bid/64291
http://www.ubuntu.com/usn/USN-2133-1
http://www.ubuntu.com/usn/USN-2134-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6376
BugTraq ID: 64319
http://www.securityfocus.com/bid/64319
Common Vulnerability Exposure (CVE) ID: CVE-2013-6378
BugTraq ID: 63886
http://www.securityfocus.com/bid/63886
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2013-6380
Common Vulnerability Exposure (CVE) ID: CVE-2013-6383
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2108-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6463
Common Vulnerability Exposure (CVE) ID: CVE-2013-7027
BugTraq ID: 64013
http://www.securityfocus.com/bid/64013
http://www.securitytracker.com/id/1029413
http://secunia.com/advisories/55606
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
