Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0208
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0208)
Zusammenfassung:	The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0208 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0208 advisory. Vulnerability Insight: Updated kernel-rt provides upstream 3.12.18 kernel and fixes the following security issues: Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/ x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. (CVE-2014-0049) The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055) The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069) drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077) Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (CVE-2014-2851) Other, otter fixes in this update: - switch hugepages back to madvise to fix performance regression (mga#12994) - enable Intel P-state driver (mga#13080) - fix r8169 suspend/resume issue (mga#13255) - RT patch has been updated to -rt25 For upstream merged fixes, read the referenced changelogs: Affected Software/OS: 'kernel-rt' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.4 CVSS Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0049 [oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access http://www.openwall.com/lists/oss-security/2014/03/03/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6 https://bugzilla.redhat.com/show_bug.cgi?id=1062368 https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b Common Vulnerability Exposure (CVE) ID: CVE-2014-0055 59386 http://secunia.com/advisories/59386 66441 http://www.securityfocus.com/bid/66441 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html https://bugzilla.redhat.com/show_bug.cgi?id=1062577 Common Vulnerability Exposure (CVE) ID: CVE-2014-0069 65588 http://www.securityfocus.com/bid/65588 SUSE-SU-2014:0459 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html [linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly http://article.gmane.org/gmane.linux.kernel.cifs/9401 [oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes http://www.openwall.com/lists/oss-security/2014/02/17/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f https://bugzilla.redhat.com/show_bug.cgi?id=1064253 https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f Common Vulnerability Exposure (CVE) ID: CVE-2014-0077 59599 http://secunia.com/advisories/59599 66678 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.