ID de Prueba:	1.3.6.1.4.1.25623.1.0.120179
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-142)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-142 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-142 advisory. Vulnerability Insight: A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-2133, Moderate) A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2012-1568, Low) Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2012-3400, Low) Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0957 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html http://www.openwall.com/lists/oss-security/2012/10/09/4 http://secunia.com/advisories/51409 http://www.ubuntu.com/usn/USN-1644-1 http://www.ubuntu.com/usn/USN-1645-1 http://www.ubuntu.com/usn/USN-1646-1 http://www.ubuntu.com/usn/USN-1647-1 http://www.ubuntu.com/usn/USN-1648-1 http://www.ubuntu.com/usn/USN-1649-1 http://www.ubuntu.com/usn/USN-1652-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1568 [oss-security] 20120320 Re: CVE request -- kernel: execshield: predictable ascii armour base address http://www.openwall.com/lists/oss-security/2012/03/20/4 [oss-security] 20120321 Re: CVE request -- kernel: execshield: predictable ascii armour base address http://openwall.com/lists/oss-security/2012/03/21/3 http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html https://bugzilla.redhat.com/show_bug.cgi?id=804947 https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=302a4fc15aebf202b6dffd6c804377c6058ee6e4 Common Vulnerability Exposure (CVE) ID: CVE-2012-2133 53233 http://www.securityfocus.com/bid/53233 DSA-2469 http://www.debian.org/security/2012/dsa-2469 SUSE-SU-2012:0616 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html [oss-security] 20120424 Re: CVE Request: use after free bug in "quota" handling in hugetlb code http://www.openwall.com/lists/oss-security/2012/04/24/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=90481622d75715bfcb68501280a917dbfe516029 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 https://bugzilla.redhat.com/show_bug.cgi?id=817430 https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029 linux-kernel-hugepages-dos(75168) https://exchange.xforce.ibmcloud.com/vulnerabilities/75168 Common Vulnerability Exposure (CVE) ID: CVE-2012-3400 50506 http://secunia.com/advisories/50506 RHSA-2013:0594 http://rhn.redhat.com/errata/RHSA-2013-0594.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html USN-1529-1 http://ubuntu.com/usn/usn-1529-1 USN-1555-1 http://www.ubuntu.com/usn/USN-1555-1 USN-1556-1 http://www.ubuntu.com/usn/USN-1556-1 USN-1557-1 http://www.ubuntu.com/usn/USN-1557-1 [oss-security] 20120709 Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling http://www.openwall.com/lists/oss-security/2012/07/10/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1df2ae31c724e57be9d7ac00d78db8a5dabdd050 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=adee11b2085bee90bd8f4f52123ffb07882d6256 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 https://bugzilla.redhat.com/show_bug.cgi?id=843139 https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050 https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256 Common Vulnerability Exposure (CVE) ID: CVE-2012-3511 50633 http://secunia.com/advisories/50633 50732 http://secunia.com/advisories/50732 55055 http://secunia.com/advisories/55055 55151 http://www.securityfocus.com/bid/55151 USN-1567-1 http://www.ubuntu.com/usn/USN-1567-1 USN-1572-1 http://www.ubuntu.com/usn/USN-1572-1 USN-1577-1 http://www.ubuntu.com/usn/USN-1577-1 [oss-security] 20120820 Re: CVE Request -- kernel: mm: use-after-free in madvise_remove() http://www.openwall.com/lists/oss-security/2012/08/20/13 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb https://bugzilla.redhat.com/show_bug.cgi?id=849734 https://github.com/torvalds/linux/commit/9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb Common Vulnerability Exposure (CVE) ID: CVE-2012-4508 FEDORA-2012-17479 RHSA-2012:1540 http://rhn.redhat.com/errata/RHSA-2012-1540.html RHSA-2013:0496 http://rhn.redhat.com/errata/RHSA-2013-0496.html RHSA-2013:1519 http://rhn.redhat.com/errata/RHSA-2013-1519.html RHSA-2013:1783 http://rhn.redhat.com/errata/RHSA-2013-1783.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html USN-1645-1 USN-1899-1 http://www.ubuntu.com/usn/USN-1899-1 USN-1900-1 http://www.ubuntu.com/usn/USN-1900-1 [oss-security] 20121025 CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure http://www.openwall.com/lists/oss-security/2012/10/25/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dee1f973ca341c266229faa5a1a5bb268bed3531 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16 https://bugzilla.redhat.com/show_bug.cgi?id=869904 https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531 Common Vulnerability Exposure (CVE) ID: CVE-2012-4565 51409 56346 http://www.securityfocus.com/bid/56346 RHSA-2012:1580 http://rhn.redhat.com/errata/RHSA-2012-1580.html USN-1644-1 USN-1646-1 USN-1647-1 USN-1648-1 USN-1649-1 USN-1650-1 http://www.ubuntu.com/usn/USN-1650-1 USN-1651-1 http://www.ubuntu.com/usn/USN-1651-1 USN-1652-1 [oss-security] 20121031 Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois http://www.openwall.com/lists/oss-security/2012/10/31/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8f363b77ee4fbf7c3bbcf5ec2c5ca482d396d664 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.19 https://bugzilla.redhat.com/show_bug.cgi?id=871848 https://github.com/torvalds/linux/commit/8f363b77ee4fbf7c3bbcf5ec2c5ca482d396d664
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.