Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.0807.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:0807-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0807-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0807-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up update to fix security and non-security issues.

The following security issues have been fixed:

*

CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation for non root users. (bnc#880892)

*

CVE-2012-6647: The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial
of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.
(bnc#878289)

*

CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

*

CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
(bnc#852967)

*

CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

*

CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)

*

CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)

*

CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have uns... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11 SP1, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-6647
http://www.openwall.com/lists/oss-security/2014/05/14/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-6382
BugTraq ID: 63889
http://www.securityfocus.com/bid/63889
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://www.spinics.net/lists/xfs/msg23343.html
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
http://www.ubuntu.com/usn/USN-2158-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6885
BugTraq ID: 63983
http://www.securityfocus.com/bid/63983
Debian Security Information: DSA-3128 (Google Search)
http://www.debian.org/security/2015/dsa-3128
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924
http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html
http://openwall.com/lists/oss-security/2013/11/28/1
http://www.openwall.com/lists/oss-security/2013/12/02/1
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://www.securitytracker.com/id/1029415
http://secunia.com/advisories/55840
SuSE Security Announcement: SUSE-SU-2014:0372 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2014:0373 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
SuSE Security Announcement: SUSE-SU-2014:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SuSE Security Announcement: SUSE-SU-2014:0446 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:0459 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
SuSE Security Announcement: SUSE-SU-2014:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
XForce ISS Database: xen-cve20136885-dos(89335)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89335
Common Vulnerability Exposure (CVE) ID: CVE-2013-7027
BugTraq ID: 64013
http://www.securityfocus.com/bid/64013
http://www.securitytracker.com/id/1029413
http://secunia.com/advisories/55606
SuSE Security Announcement: openSUSE-SU-2014:0204 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0247 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
http://www.ubuntu.com/usn/USN-2066-1
http://www.ubuntu.com/usn/USN-2067-1
http://www.ubuntu.com/usn/USN-2068-1
http://www.ubuntu.com/usn/USN-2069-1
http://www.ubuntu.com/usn/USN-2071-1
http://www.ubuntu.com/usn/USN-2072-1
http://www.ubuntu.com/usn/USN-2073-1
http://www.ubuntu.com/usn/USN-2074-1
http://www.ubuntu.com/usn/USN-2076-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-7263
http://www.openwall.com/lists/oss-security/2013/11/28/13
http://seclists.org/oss-sec/2014/q1/29
RedHat Security Advisories: RHSA-2014:0159
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://secunia.com/advisories/55882
http://secunia.com/advisories/56036
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2108-1
http://www.ubuntu.com/usn/USN-2136-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-7264
Common Vulnerability Exposure (CVE) ID: CVE-2013-7265
Common Vulnerability Exposure (CVE) ID: CVE-2013-7339
BugTraq ID: 66351
http://www.securityfocus.com/bid/66351
http://www.openwall.com/lists/oss-security/2014/03/20/14
http://secunia.com/advisories/59386
Common Vulnerability Exposure (CVE) ID: CVE-2014-0101
BugTraq ID: 65943
http://www.securityfocus.com/bid/65943
http://www.openwall.com/lists/oss-security/2014/03/04/6
RedHat Security Advisories: RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RedHat Security Advisories: RHSA-2014:0419
http://rhn.redhat.com/errata/RHSA-2014-0419.html
RedHat Security Advisories: RHSA-2014:0432
http://rhn.redhat.com/errata/RHSA-2014-0432.html
http://secunia.com/advisories/59216
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0196
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
Debian Security Information: DSA-2928 (Google Search)
http://www.debian.org/security/2014/dsa-2928
http://www.exploit-db.com/exploits/33516
http://pastebin.com/raw.php?i=yTSFUBgZ
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://www.osvdb.org/106646
RedHat Security Advisories: RHSA-2014:0512
http://rhn.redhat.com/errata/RHSA-2014-0512.html
http://secunia.com/advisories/59218
http://secunia.com/advisories/59262
http://secunia.com/advisories/59599
SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.ubuntu.com/usn/USN-2196-1
http://www.ubuntu.com/usn/USN-2197-1
http://www.ubuntu.com/usn/USN-2198-1
http://www.ubuntu.com/usn/USN-2199-1
http://www.ubuntu.com/usn/USN-2200-1
http://www.ubuntu.com/usn/USN-2201-1
http://www.ubuntu.com/usn/USN-2202-1
http://www.ubuntu.com/usn/USN-2203-1
http://www.ubuntu.com/usn/USN-2204-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737
BugTraq ID: 67300
http://www.securityfocus.com/bid/67300
http://www.openwall.com/lists/oss-security/2014/05/09/2
RedHat Security Advisories: RHSA-2014:0800
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RedHat Security Advisories: RHSA-2014:0801
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.securitytracker.com/id/1030474
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738
BugTraq ID: 67302
http://www.securityfocus.com/bid/67302
Common Vulnerability Exposure (CVE) ID: CVE-2014-1874
BugTraq ID: 65459
http://www.securityfocus.com/bid/65459
http://www.openwall.com/lists/oss-security/2014/02/07/2
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.ubuntu.com/usn/USN-2133-1
http://www.ubuntu.com/usn/USN-2134-1
http://www.ubuntu.com/usn/USN-2137-1
http://www.ubuntu.com/usn/USN-2140-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-2523
BugTraq ID: 66279
http://www.securityfocus.com/bid/66279
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securitytracker.com/id/1029945
http://secunia.com/advisories/57446
XForce ISS Database: linux-kernel-cve20142523-code-exec(91910)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
Common Vulnerability Exposure (CVE) ID: CVE-2014-2678
BugTraq ID: 66543
http://www.securityfocus.com/bid/66543
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html
https://lkml.org/lkml/2014/3/29/188
http://www.openwall.com/lists/oss-security/2014/03/31/10
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
Common Vulnerability Exposure (CVE) ID: CVE-2014-3122
BugTraq ID: 67162
http://www.securityfocus.com/bid/67162
http://www.openwall.com/lists/oss-security/2014/05/01/7
http://www.ubuntu.com/usn/USN-2240-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3153
BugTraq ID: 67906
http://www.securityfocus.com/bid/67906
Debian Security Information: DSA-2949 (Google Search)
http://www.debian.org/security/2014/dsa-2949
http://www.exploit-db.com/exploits/35370
https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
https://github.com/elongl/CVE-2014-3153
https://www.openwall.com/lists/oss-security/2021/02/01/4
http://www.openwall.com/lists/oss-security/2014/06/05/22
http://openwall.com/lists/oss-security/2014/06/05/24
http://openwall.com/lists/oss-security/2014/06/06/20
http://www.openwall.com/lists/oss-security/2021/02/01/4
http://www.securitytracker.com/id/1030451
http://secunia.com/advisories/58500
http://secunia.com/advisories/58990
http://secunia.com/advisories/59029
http://secunia.com/advisories/59092
http://secunia.com/advisories/59153
SuSE Security Announcement: SUSE-SU-2014:0775 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2014:0796 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html
SuSE Security Announcement: SUSE-SU-2014:0837 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2014:0878 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html
http://www.ubuntu.com/usn/USN-2237-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.