English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2014.0453
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2014-0453)
Zusammenfassung:The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia-current, kmod-xtables-addons, rpm-mageia-setup' package(s) announced via the MGASA-2014-0453 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia-current, kmod-xtables-addons, rpm-mageia-setup' package(s) announced via the MGASA-2014-0453 advisory.

Vulnerability Insight:
This kernel update is based on upstream -longterm 3.14.23 and
fixes the following security issues:

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly
have unspecified other impact by triggering a large gfn value or
(2) cause a denial of service (host OS memory consumption) by
triggering a small gfn value that leads to permanently pinned
pages (CVE-2014-3601).

The assoc_array_gc function in the associative-array implementation
in lib/assoc_array.c in the Linux kernel before 3.16.3 does not
properly implement garbage collection, which allows local users to
cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact via multiple
'keyctl newring' operations followed by a 'keyctl timeout'
operation (CVE-2014-3631).

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).

The do_umount function in fs/namespace.c in the Linux kernel
through 3.17 does not require the CAP_SYS_ADMIN capability for
do_remount_sb calls that change the root filesystem to read-only,
which allows local users to cause a denial of service (loss of
writability) by making certain unshare system calls, clearing the
/ MNT_LOCKED flag, and making an MNT_FORCE umount system call
(CVE-2014-7975).

Other fixes:
The X86_SYSFB config option has been disabled as it prevents
proper KMS setup on some systems (mga#13098)

The cpupower default governor has been switched from ondemand to
performance as the intel_pstate driver (used on newer Intel cpus)
does not support ondemand target.

For other fixes included in this update, read the referenced
changelogs.

Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia-current, kmod-xtables-addons, rpm-mageia-setup' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3601
60830
http://secunia.com/advisories/60830
69489
http://www.securityfocus.com/bid/69489
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
USN-2356-1
http://www.ubuntu.com/usn/USN-2356-1
USN-2357-1
http://www.ubuntu.com/usn/USN-2357-1
USN-2358-1
http://www.ubuntu.com/usn/USN-2358-1
USN-2359-1
http://www.ubuntu.com/usn/USN-2359-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
https://bugzilla.redhat.com/show_bug.cgi?id=1131951
https://github.com/torvalds/linux/commit/350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
linux-kernel-cve20143601-dos(95689)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95689
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3631
111298
http://osvdb.org/show/osvdb/111298
36268
http://www.exploit-db.com/exploits/36268
70095
http://www.securityfocus.com/bid/70095
USN-2378-1
http://www.ubuntu.com/usn/USN-2378-1
USN-2379-1
http://www.ubuntu.com/usn/USN-2379-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95389b08d93d5c06ec63ab49bd732b0069b7c35e
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3
https://bugzilla.redhat.com/show_bug.cgi?id=1140325
https://github.com/torvalds/linux/commit/95389b08d93d5c06ec63ab49bd732b0069b7c35e
Common Vulnerability Exposure (CVE) ID: CVE-2014-7970
BugTraq ID: 70319
http://www.securityfocus.com/bid/70319
http://www.spinics.net/lists/linux-fsdevel/msg79153.html
http://www.openwall.com/lists/oss-security/2014/10/08/21
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
http://www.securitytracker.com/id/1030991
http://secunia.com/advisories/60174
http://secunia.com/advisories/61142
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
http://www.ubuntu.com/usn/USN-2419-1
http://www.ubuntu.com/usn/USN-2420-1
http://www.ubuntu.com/usn/USN-2513-1
http://www.ubuntu.com/usn/USN-2514-1
XForce ISS Database: linux-kernel-cve20147970-dos(96921)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96921
Common Vulnerability Exposure (CVE) ID: CVE-2014-7975
BugTraq ID: 70314
http://www.securityfocus.com/bid/70314
http://www.openwall.com/lists/oss-security/2014/10/08/22
http://thread.gmane.org/gmane.linux.kernel.stable/109312
http://www.securitytracker.com/id/1031180
http://secunia.com/advisories/61145
http://secunia.com/advisories/62633
http://secunia.com/advisories/62634
http://www.ubuntu.com/usn/USN-2415-1
http://www.ubuntu.com/usn/USN-2416-1
http://www.ubuntu.com/usn/USN-2417-1
http://www.ubuntu.com/usn/USN-2418-1
http://www.ubuntu.com/usn/USN-2421-1
XForce ISS Database: linux-kernel-cve20147975-dos(96994)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96994
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.