Test ID:	1.3.6.1.4.1.25623.1.0.841518
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1912-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-1912-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1912-1 advisory. Vulnerability Insight: Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2237) Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851) Affected Software/OS: 'linux' package(s) on Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2164 DSA-2766 http://www.debian.org/security/2013/dsa-2766 RHSA-2013:1166 http://rhn.redhat.com/errata/RHSA-2013-1166.html RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html SUSE-SU-2013:1473 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html USN-1912-1 http://www.ubuntu.com/usn/USN-1912-1 USN-1913-1 http://www.ubuntu.com/usn/USN-1913-1 USN-1941-1 http://www.ubuntu.com/usn/USN-1941-1 USN-1942-1 http://www.ubuntu.com/usn/USN-1942-1 [oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver. http://www.openwall.com/lists/oss-security/2013/06/10/9 http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2 https://bugzilla.redhat.com/show_bug.cgi?id=973100 openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2232 RHSA-2013:1173 http://rhn.redhat.com/errata/RHSA-2013-1173.html USN-1938-1 http://www.ubuntu.com/usn/USN-1938-1 USN-1943-1 http://www.ubuntu.com/usn/USN-1943-1 USN-1944-1 http://www.ubuntu.com/usn/USN-1944-1 USN-1945-1 http://www.ubuntu.com/usn/USN-1945-1 USN-1946-1 http://www.ubuntu.com/usn/USN-1946-1 USN-1947-1 http://www.ubuntu.com/usn/USN-1947-1 [oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg http://www.openwall.com/lists/oss-security/2013/07/02/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a963a37d384d71ad43b3e9e79d68d42fbe0901f3 https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 Common Vulnerability Exposure (CVE) ID: CVE-2013-2234 [oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages http://www.openwall.com/lists/oss-security/2013/07/02/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 https://bugzilla.redhat.com/show_bug.cgi?id=980995 https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 Common Vulnerability Exposure (CVE) ID: CVE-2013-2237 USN-1970-1 http://www.ubuntu.com/usn/USN-1970-1 USN-1972-1 http://www.ubuntu.com/usn/USN-1972-1 USN-1973-1 http://www.ubuntu.com/usn/USN-1973-1 USN-1992-1 http://www.ubuntu.com/usn/USN-1992-1 USN-1993-1 http://www.ubuntu.com/usn/USN-1993-1 USN-1995-1 http://www.ubuntu.com/usn/USN-1995-1 USN-1998-1 http://www.ubuntu.com/usn/USN-1998-1 [oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush http://www.openwall.com/lists/oss-security/2013/07/04/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=85dfb745ee40232876663ae206cba35f24ab2a40 https://bugzilla.redhat.com/show_bug.cgi?id=981220 https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2 Common Vulnerability Exposure (CVE) ID: CVE-2013-2851 Debian Security Information: DSA-2766 (Google Search) http://marc.info/?l=linux-kernel&m=137055204522556&w=2 http://www.openwall.com/lists/oss-security/2013/06/06/13 RedHat Security Advisories: RHSA-2013:1645 RedHat Security Advisories: RHSA-2013:1783 http://rhn.redhat.com/errata/RHSA-2013-1783.html RedHat Security Advisories: RHSA-2014:0284 http://rhn.redhat.com/errata/RHSA-2014-0284.html SuSE Security Announcement: SUSE-SU-2013:1473 (Google Search) SuSE Security Announcement: SUSE-SU-2013:1474 (Google Search) SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search)
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.