Test ID:	1.3.6.1.4.1.25623.1.0.841493
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1899-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-1899-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1899-1 advisory. Vulnerability Insight: Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508) Dave Jones discovered that the Linux kernel's socket subsystem does not correctly ensure the keepalive action is associated with a stream socket. A local user could exploit this flaw to cause a denial of service (system crash) by creating a raw socket. (CVE-2012-6657) An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141) Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852) Affected Software/OS: 'linux' package(s) on Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4508 FEDORA-2012-17479 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html RHSA-2012:1540 http://rhn.redhat.com/errata/RHSA-2012-1540.html RHSA-2013:0496 http://rhn.redhat.com/errata/RHSA-2013-0496.html RHSA-2013:1519 http://rhn.redhat.com/errata/RHSA-2013-1519.html RHSA-2013:1783 http://rhn.redhat.com/errata/RHSA-2013-1783.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html USN-1645-1 http://www.ubuntu.com/usn/USN-1645-1 USN-1899-1 http://www.ubuntu.com/usn/USN-1899-1 USN-1900-1 http://www.ubuntu.com/usn/USN-1900-1 [oss-security] 20121025 CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure http://www.openwall.com/lists/oss-security/2012/10/25/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dee1f973ca341c266229faa5a1a5bb268bed3531 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16 https://bugzilla.redhat.com/show_bug.cgi?id=869904 https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531 Common Vulnerability Exposure (CVE) ID: CVE-2012-6657 HPSBGN03282 http://marc.info/?l=bugtraq&m=142722544401658&w=2 HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html [oss-security] 20140915 Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash http://www.openwall.com/lists/oss-security/2014/09/15/8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e10986d1d698140747fcfc2761ec9cb64c1d582 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7 https://bugzilla.redhat.com/show_bug.cgi?id=1141742 https://github.com/torvalds/linux/commit/3e10986d1d698140747fcfc2761ec9cb64c1d582 Common Vulnerability Exposure (CVE) ID: CVE-2013-2141 55055 http://secunia.com/advisories/55055 DSA-2766 http://www.debian.org/security/2013/dsa-2766 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 RHSA-2013:1801 http://rhn.redhat.com/errata/RHSA-2013-1801.html [oss-security] 20130604 Re: CVE Request: kernel info leak in tkill/tgkill http://www.openwall.com/lists/oss-security/2013/06/04/10 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 https://bugzilla.redhat.com/show_bug.cgi?id=970873 https://github.com/torvalds/linux/commit/b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2852 Debian Security Information: DSA-2766 (Google Search) http://www.openwall.com/lists/oss-security/2013/06/06/13 RedHat Security Advisories: RHSA-2013:1051 http://rhn.redhat.com/errata/RHSA-2013-1051.html RedHat Security Advisories: RHSA-2013:1450 http://rhn.redhat.com/errata/RHSA-2013-1450.html SuSE Security Announcement: SUSE-SU-2013:1473 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search) http://www.ubuntu.com/usn/USN-1914-1 http://www.ubuntu.com/usn/USN-1915-1 http://www.ubuntu.com/usn/USN-1916-1 http://www.ubuntu.com/usn/USN-1917-1 http://www.ubuntu.com/usn/USN-1918-1 http://www.ubuntu.com/usn/USN-1919-1 http://www.ubuntu.com/usn/USN-1920-1 http://www.ubuntu.com/usn/USN-1930-1
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.