Test ID:	1.3.6.1.4.1.25623.1.0.841545
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1941-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-1941-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1941-1 advisory. Vulnerability Insight: Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163) Affected Software/OS: 'linux' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1059 http://hkpco.kr/advisory/CVE-2013-1059.txt http://www.openwall.com/lists/oss-security/2013/07/09/7 SuSE Security Announcement: SUSE-SU-2013:1161 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00012.html SuSE Security Announcement: SUSE-SU-2013:1473 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SuSE Security Announcement: SUSE-SU-2013:1474 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.ubuntu.com/usn/USN-1941-1 http://www.ubuntu.com/usn/USN-1942-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1060 https://lists.ubuntu.com/archives/kernel-team/2013-July/031248.html https://lists.ubuntu.com/archives/kernel-team/2013-July/031249.html http://www.ubuntu.com/usn/USN-1938-1 http://www.ubuntu.com/usn/USN-1939-1 http://www.ubuntu.com/usn/USN-1943-1 http://www.ubuntu.com/usn/USN-1944-1 http://www.ubuntu.com/usn/USN-1945-1 http://www.ubuntu.com/usn/USN-1946-1 http://www.ubuntu.com/usn/USN-1947-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2164 DSA-2766 http://www.debian.org/security/2013/dsa-2766 RHSA-2013:1166 http://rhn.redhat.com/errata/RHSA-2013-1166.html RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html SUSE-SU-2013:1473 SUSE-SU-2013:1474 USN-1912-1 http://www.ubuntu.com/usn/USN-1912-1 USN-1913-1 http://www.ubuntu.com/usn/USN-1913-1 USN-1941-1 USN-1942-1 [oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver. http://www.openwall.com/lists/oss-security/2013/06/10/9 http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2 https://bugzilla.redhat.com/show_bug.cgi?id=973100 openSUSE-SU-2013:1971 Common Vulnerability Exposure (CVE) ID: CVE-2013-2232 RHSA-2013:1173 http://rhn.redhat.com/errata/RHSA-2013-1173.html USN-1938-1 USN-1943-1 USN-1944-1 USN-1945-1 USN-1946-1 USN-1947-1 [oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg http://www.openwall.com/lists/oss-security/2013/07/02/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a963a37d384d71ad43b3e9e79d68d42fbe0901f3 https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 Common Vulnerability Exposure (CVE) ID: CVE-2013-2234 [oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages http://www.openwall.com/lists/oss-security/2013/07/02/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 https://bugzilla.redhat.com/show_bug.cgi?id=980995 https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 Common Vulnerability Exposure (CVE) ID: CVE-2013-2851 Debian Security Information: DSA-2766 (Google Search) http://marc.info/?l=linux-kernel&m=137055204522556&w=2 http://www.openwall.com/lists/oss-security/2013/06/06/13 RedHat Security Advisories: RHSA-2013:1645 RedHat Security Advisories: RHSA-2013:1783 http://rhn.redhat.com/errata/RHSA-2013-1783.html RedHat Security Advisories: RHSA-2014:0284 http://rhn.redhat.com/errata/RHSA-2014-0284.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4162 54148 http://secunia.com/advisories/54148 55055 http://secunia.com/advisories/55055 61411 http://www.securityfocus.com/bid/61411 RHSA-2013:1436 http://rhn.redhat.com/errata/RHSA-2013-1436.html RHSA-2013:1460 http://rhn.redhat.com/errata/RHSA-2013-1460.html RHSA-2013:1520 http://rhn.redhat.com/errata/RHSA-2013-1520.html USN-1939-1 [oss-security] 20130723 Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. http://www.openwall.com/lists/oss-security/2013/07/23/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1 https://bugzilla.redhat.com/show_bug.cgi?id=987627 https://github.com/torvalds/linux/commit/8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4163 61412 http://www.securityfocus.com/bid/61412 [oss-security] 20130723 Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu http://www.openwall.com/lists/oss-security/2013/07/23/10 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75a493e60ac4bbe2e977e7129d6d8cbb0dd236be https://bugzilla.redhat.com/show_bug.cgi?id=987633 https://github.com/torvalds/linux/commit/75a493e60ac4bbe2e977e7129d6d8cbb0dd236be
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.