Test ID:	1.3.6.1.4.1.25623.1.0.841287
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1699-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-1699-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1699-1 advisory. Vulnerability Insight: Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461) A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. (CVE-2012-4530) Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532) Affected Software/OS: 'linux' package(s) on Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4461 51160 http://secunia.com/advisories/51160 56414 http://www.securityfocus.com/bid/56414 RHSA-2013:0223 http://rhn.redhat.com/errata/RHSA-2013-0223.html RHSA-2013:0882 http://rhn.redhat.com/errata/RHSA-2013-0882.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html [oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set http://www.openwall.com/lists/oss-security/2012/11/06/14 http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git%3Ba=commit%3Bh=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9 https://bugzilla.redhat.com/show_bug.cgi?id=862900 openSUSE-SU-2013:0925 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4530 SUSE-SU-2013:0674 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html [oss-security] 20121019 Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() http://www.openwall.com/lists/oss-security/2012/10/19/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=868285 https://github.com/torvalds/linux/commit/b66c5984017533316fd1951770302649baf1aa33 Common Vulnerability Exposure (CVE) ID: CVE-2012-5532 56710 http://www.securityfocus.com/bid/56710 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 RHSA-2013:0807 http://rhn.redhat.com/errata/RHSA-2013-0807.html [oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS http://www.openwall.com/lists/oss-security/2012/11/27/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef http://www.kernel.org/pub/linux/kernel/v3.x/testing/ http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2 https://bugzilla.novell.com/show_bug.cgi?id=761200 https://bugzilla.redhat.com/show_bug.cgi?id=877572 https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef kernel-hypervkvpd-dos(80337) https://exchange.xforce.ibmcloud.com/vulnerabilities/80337
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.