Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-258)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120543

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-258)

Resumen: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2013-258 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2013-258 advisory.

Vulnerability Insight:
Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.

Affected Software/OS:
'kernel' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-6382
63889
http://www.securityfocus.com/bid/63889
USN-2109-1
http://www.ubuntu.com/usn/USN-2109-1
USN-2110-1
http://www.ubuntu.com/usn/USN-2110-1
USN-2113-1
http://www.ubuntu.com/usn/USN-2113-1
USN-2117-1
http://www.ubuntu.com/usn/USN-2117-1
USN-2128-1
http://www.ubuntu.com/usn/USN-2128-1
USN-2129-1
http://www.ubuntu.com/usn/USN-2129-1
USN-2135-1
http://www.ubuntu.com/usn/USN-2135-1
USN-2138-1
http://www.ubuntu.com/usn/USN-2138-1
USN-2139-1
http://www.ubuntu.com/usn/USN-2139-1
USN-2141-1
http://www.ubuntu.com/usn/USN-2141-1
USN-2158-1
http://www.ubuntu.com/usn/USN-2158-1
[oss-security] 20131122 Linux kernel CVE fixes
http://www.openwall.com/lists/oss-security/2013/11/22/5
[xfs] 20131031 [patch] xfs: underflow bug in xfs_attrlist_by_handle()
http://www.spinics.net/lists/xfs/msg23343.html
https://bugzilla.redhat.com/show_bug.cgi?id=1033603

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120543
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-258)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2013-258 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2013-258 advisory. Vulnerability Insight: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6382 63889 http://www.securityfocus.com/bid/63889 USN-2109-1 http://www.ubuntu.com/usn/USN-2109-1 USN-2110-1 http://www.ubuntu.com/usn/USN-2110-1 USN-2113-1 http://www.ubuntu.com/usn/USN-2113-1 USN-2117-1 http://www.ubuntu.com/usn/USN-2117-1 USN-2128-1 http://www.ubuntu.com/usn/USN-2128-1 USN-2129-1 http://www.ubuntu.com/usn/USN-2129-1 USN-2135-1 http://www.ubuntu.com/usn/USN-2135-1 USN-2138-1 http://www.ubuntu.com/usn/USN-2138-1 USN-2139-1 http://www.ubuntu.com/usn/USN-2139-1 USN-2141-1 http://www.ubuntu.com/usn/USN-2141-1 USN-2158-1 http://www.ubuntu.com/usn/USN-2158-1 [oss-security] 20131122 Linux kernel CVE fixes http://www.openwall.com/lists/oss-security/2013/11/22/5 [xfs] 20131031 [patch] xfs: underflow bug in xfs_attrlist_by_handle() http://www.spinics.net/lists/xfs/msg23343.html https://bugzilla.redhat.com/show_bug.cgi?id=1033603
Copyright	Copyright (C) 2015 Greenbone AG