Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0063)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0063

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0063)

Resumen: The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0063 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0063 advisory.

Vulnerability Insight:
This kernel update provides an update to 3.12.9 and fixes the following
critical security issue:

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called
from code using the x32 ABI. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash) or gain administrator
privileges (CVE-2014-0038)

The -rt patch has been updated to -rt13.

For other changes, see the referenced changelog

Affected Software/OS:
'kernel-rt' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0038
31346
http://www.exploit-db.com/exploits/31346
31347
http://www.exploit-db.com/exploits/31347
40503
https://www.exploit-db.com/exploits/40503/
56669
http://secunia.com/advisories/56669
65255
http://www.securityfocus.com/bid/65255
MDVSA-2014:038
http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
USN-2094-1
http://www.ubuntu.com/usn/USN-2094-1
USN-2095-1
http://www.ubuntu.com/usn/USN-2095-1
USN-2096-1
http://www.ubuntu.com/usn/USN-2096-1
[oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
http://www.openwall.com/lists/oss-security/2014/01/31/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268
http://pastebin.com/raw.php?i=DH3Lbg54
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
https://bugzilla.redhat.com/show_bug.cgi?id=1060023
https://code.google.com/p/chromium/issues/detail?id=338594
https://github.com/saelo/cve-2014-0038
https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268
openSUSE-SU-2014:0204
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
openSUSE-SU-2014:0205
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0063
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0063)
Resumen:	The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0063 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-rt' package(s) announced via the MGASA-2014-0063 advisory. Vulnerability Insight: This kernel update provides an update to 3.12.9 and fixes the following critical security issue: Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges (CVE-2014-0038) The -rt patch has been updated to -rt13. For other changes, see the referenced changelog Affected Software/OS: 'kernel-rt' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0038 31346 http://www.exploit-db.com/exploits/31346 31347 http://www.exploit-db.com/exploits/31347 40503 https://www.exploit-db.com/exploits/40503/ 56669 http://secunia.com/advisories/56669 65255 http://www.securityfocus.com/bid/65255 MDVSA-2014:038 http://www.mandriva.com/security/advisories?name=MDVSA-2014:038 USN-2094-1 http://www.ubuntu.com/usn/USN-2094-1 USN-2095-1 http://www.ubuntu.com/usn/USN-2095-1 USN-2096-1 http://www.ubuntu.com/usn/USN-2096-1 [oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) http://www.openwall.com/lists/oss-security/2014/01/31/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268 http://pastebin.com/raw.php?i=DH3Lbg54 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2 https://bugzilla.redhat.com/show_bug.cgi?id=1060023 https://code.google.com/p/chromium/issues/detail?id=338594 https://github.com/saelo/cve-2014-0038 https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268 openSUSE-SU-2014:0204 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html openSUSE-SU-2014:0205 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
Copyright	Copyright (C) 2022 Greenbone AG