Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.0696.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:0696-1)
Summary:The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2014:0696-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2014:0696-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up update to fix security and non-security issues.

The following security bugs have been fixed:

*

CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)

*

CVE-2013-4579: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426)

*

CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

*

CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
(bnc#852967)

*

CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

*

CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)

*

CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux kernel' package(s) on SUSE Linux Enterprise Server 11 SP2, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4470
BugTraq ID: 63359
http://www.securityfocus.com/bid/63359
http://www.openwall.com/lists/oss-security/2013/10/25/5
RedHat Security Advisories: RHSA-2013:1801
http://rhn.redhat.com/errata/RHSA-2013-1801.html
RedHat Security Advisories: RHSA-2014:0100
http://rhn.redhat.com/errata/RHSA-2014-0100.html
RedHat Security Advisories: RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
SuSE Security Announcement: SUSE-SU-2014:0459 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
http://www.ubuntu.com/usn/USN-2040-1
http://www.ubuntu.com/usn/USN-2042-1
http://www.ubuntu.com/usn/USN-2043-1
http://www.ubuntu.com/usn/USN-2044-1
http://www.ubuntu.com/usn/USN-2046-1
http://www.ubuntu.com/usn/USN-2049-1
http://www.ubuntu.com/usn/USN-2050-1
http://www.ubuntu.com/usn/USN-2066-1
http://www.ubuntu.com/usn/USN-2067-1
http://www.ubuntu.com/usn/USN-2069-1
http://www.ubuntu.com/usn/USN-2073-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4579
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729573
http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
https://lists.ath9k.org/pipermail/ath9k-devel/2013-November/012215.html
http://www.openwall.com/lists/oss-security/2013/11/15/3
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2133-1
http://www.ubuntu.com/usn/USN-2134-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6382
BugTraq ID: 63889
http://www.securityfocus.com/bid/63889
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://www.spinics.net/lists/xfs/msg23343.html
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2158-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6885
BugTraq ID: 63983
http://www.securityfocus.com/bid/63983
Debian Security Information: DSA-3128 (Google Search)
http://www.debian.org/security/2015/dsa-3128
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924
http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html
http://openwall.com/lists/oss-security/2013/11/28/1
http://www.openwall.com/lists/oss-security/2013/12/02/1
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://www.securitytracker.com/id/1029415
http://secunia.com/advisories/55840
SuSE Security Announcement: SUSE-SU-2014:0372 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2014:0373 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
SuSE Security Announcement: SUSE-SU-2014:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SuSE Security Announcement: SUSE-SU-2014:0446 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
XForce ISS Database: xen-cve20136885-dos(89335)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89335
Common Vulnerability Exposure (CVE) ID: CVE-2013-7263
http://www.openwall.com/lists/oss-security/2013/11/28/13
http://seclists.org/oss-sec/2014/q1/29
RedHat Security Advisories: RHSA-2014:0159
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://secunia.com/advisories/55882
http://secunia.com/advisories/56036
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2108-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-7264
Common Vulnerability Exposure (CVE) ID: CVE-2013-7265
Common Vulnerability Exposure (CVE) ID: CVE-2013-7339
BugTraq ID: 66351
http://www.securityfocus.com/bid/66351
http://www.openwall.com/lists/oss-security/2014/03/20/14
http://secunia.com/advisories/59386
Common Vulnerability Exposure (CVE) ID: CVE-2014-0069
BugTraq ID: 65588
http://www.securityfocus.com/bid/65588
http://article.gmane.org/gmane.linux.kernel.cifs/9401
http://www.openwall.com/lists/oss-security/2014/02/17/4
RedHat Security Advisories: RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0101
BugTraq ID: 65943
http://www.securityfocus.com/bid/65943
http://www.openwall.com/lists/oss-security/2014/03/04/6
RedHat Security Advisories: RHSA-2014:0419
http://rhn.redhat.com/errata/RHSA-2014-0419.html
RedHat Security Advisories: RHSA-2014:0432
http://rhn.redhat.com/errata/RHSA-2014-0432.html
http://secunia.com/advisories/59216
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0196
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
Debian Security Information: DSA-2928 (Google Search)
http://www.debian.org/security/2014/dsa-2928
http://www.exploit-db.com/exploits/33516
http://pastebin.com/raw.php?i=yTSFUBgZ
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://www.osvdb.org/106646
RedHat Security Advisories: RHSA-2014:0512
http://rhn.redhat.com/errata/RHSA-2014-0512.html
http://secunia.com/advisories/59218
http://secunia.com/advisories/59262
http://secunia.com/advisories/59599
SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.ubuntu.com/usn/USN-2196-1
http://www.ubuntu.com/usn/USN-2197-1
http://www.ubuntu.com/usn/USN-2198-1
http://www.ubuntu.com/usn/USN-2199-1
http://www.ubuntu.com/usn/USN-2200-1
http://www.ubuntu.com/usn/USN-2201-1
http://www.ubuntu.com/usn/USN-2202-1
http://www.ubuntu.com/usn/USN-2203-1
http://www.ubuntu.com/usn/USN-2204-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1444
BugTraq ID: 64952
http://www.securityfocus.com/bid/64952
http://www.openwall.com/lists/oss-security/2014/01/15/3
XForce ISS Database: linux-kernel-cve20141444-info-disc(90443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90443
Common Vulnerability Exposure (CVE) ID: CVE-2014-1445
BugTraq ID: 64953
http://www.securityfocus.com/bid/64953
XForce ISS Database: linux-kernel-cve20141445-info-disc(90444)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90444
Common Vulnerability Exposure (CVE) ID: CVE-2014-1446
BugTraq ID: 64954
http://www.securityfocus.com/bid/64954
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
XForce ISS Database: linux-kernel-cve20141446-info-disc(90445)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90445
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737
BugTraq ID: 67300
http://www.securityfocus.com/bid/67300
http://www.openwall.com/lists/oss-security/2014/05/09/2
RedHat Security Advisories: RHSA-2014:0800
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RedHat Security Advisories: RHSA-2014:0801
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.securitytracker.com/id/1030474
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738
BugTraq ID: 67302
http://www.securityfocus.com/bid/67302
Common Vulnerability Exposure (CVE) ID: CVE-2014-1874
BugTraq ID: 65459
http://www.securityfocus.com/bid/65459
http://www.openwall.com/lists/oss-security/2014/02/07/2
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.ubuntu.com/usn/USN-2137-1
http://www.ubuntu.com/usn/USN-2140-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-2039
BugTraq ID: 65700
http://www.securityfocus.com/bid/65700
http://www.openwall.com/lists/oss-security/2014/02/20/14
Common Vulnerability Exposure (CVE) ID: CVE-2014-2523
BugTraq ID: 66279
http://www.securityfocus.com/bid/66279
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securitytracker.com/id/1029945
http://secunia.com/advisories/57446
XForce ISS Database: linux-kernel-cve20142523-code-exec(91910)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
Common Vulnerability Exposure (CVE) ID: CVE-2014-2678
BugTraq ID: 66543
http://www.securityfocus.com/bid/66543
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html
https://lkml.org/lkml/2014/3/29/188
http://www.openwall.com/lists/oss-security/2014/03/31/10
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
Common Vulnerability Exposure (CVE) ID: CVE-2014-3122
BugTraq ID: 67162
http://www.securityfocus.com/bid/67162
http://www.openwall.com/lists/oss-security/2014/05/01/7
http://www.ubuntu.com/usn/USN-2240-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.