| Descripción: | Summary:
The remote host is missing an update for the 'Linux'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was
updated to fix various bugs and security issues.
WARNING: If you are running KVM with PCI
pass-through on a system with one of the following Intel
chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or
X58 (revisions 0x12, 0x13, 0x22), please make sure to read
the following referenced support document before installing this
update. You will have to update your KVM setup to no longer make use
of PCI pass-through before rebooting to the updated
kernel.
The following security bugs were fixed:
* CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local
users to cause a denial of service (memory corruption and
system crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a setsockopt
system call and sends both short and long packets, related
to the ip_ufo_append_data function in net/ipv4/ip_output.c
and the ip6_ufo_append_data function in
net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory
types, which allows local users to cause a denial of
service (system hang) via a crafted application, aka the
errata 793 issue. (bnc#852967)
* CVE-2013-7263: The Linux kernel before 3.12.4 updates
certain length values before ensuring that associated data
structures have been initialized, which allows local users
to obtain sensitive information from kernel stack memory
via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c,
net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
(bnc#857643)
* CVE-2013-7264: The l2tp_ip_recvmsg function in
net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4
updates a certain length value before ensuring that an
associated data structure has been initialized, which
allows local users to obtain sensitive information from
kernel stack memory via a (1) recvfrom, (2 ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
Linux on SUSE Linux Enterprise Server 11 SP3
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
