English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2014.0207
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2014-0207)
Summary:The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2014-0207 advisory.
Description:Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2014-0207 advisory.

Vulnerability Insight:
Updated kernel-linus provides upstream 3.12.18 kernel and fixes the following
security issues:

Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/
x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute
arbitrary code on the host OS by leveraging a loop that triggers an
invalid memory copy affecting certain cancel_work_item data.
(CVE-2014-0049)

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem
in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise
Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which
allows guest OS users to cause a denial of service (host OS crash) via
unspecified vectors. (CVE-2014-0055)

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through
3.13.5 does not properly handle uncached write operations that copy fewer
than the requested number of bytes, which allows local users to obtain
sensitive information from kernel memory, cause a denial of service
(memory corruption and system crash), or possibly gain privileges via a
writev system call with a crafted pointer. (CVE-2014-0069)

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
buffers are disabled, does not properly validate packet lengths, which
allows guest OS users to cause a denial of service (memory corruption and
host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions.
(CVE-2014-0077)

Other, otter fixes in this update:
- switch hugepages back to madvise to fix performance regression (mga#12994)
- enable Intel P-state driver (mga#13080)
- fix r8169 suspend/resume issue (mga#13255)

For upstream merged fixes, read the referenced changelogs:

Affected Software/OS:
'kernel-linus' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0049
[oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access
http://www.openwall.com/lists/oss-security/2014/03/03/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6
https://bugzilla.redhat.com/show_bug.cgi?id=1062368
https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b
Common Vulnerability Exposure (CVE) ID: CVE-2014-0055
59386
http://secunia.com/advisories/59386
66441
http://www.securityfocus.com/bid/66441
RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0339
http://rhn.redhat.com/errata/RHSA-2014-0339.html
https://bugzilla.redhat.com/show_bug.cgi?id=1062577
Common Vulnerability Exposure (CVE) ID: CVE-2014-0069
65588
http://www.securityfocus.com/bid/65588
SUSE-SU-2014:0459
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly
http://article.gmane.org/gmane.linux.kernel.cifs/9401
[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes
http://www.openwall.com/lists/oss-security/2014/02/17/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
https://bugzilla.redhat.com/show_bug.cgi?id=1064253
https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
Common Vulnerability Exposure (CVE) ID: CVE-2014-0077
59599
http://secunia.com/advisories/59599
66678
http://www.securityfocus.com/bid/66678
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10
https://bugzilla.redhat.com/show_bug.cgi?id=1064440
https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.