Test ID:	1.3.6.1.4.1.25623.1.0.841602
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1995-1)
Summary:	The remote host is missing an update for the 'linux-lts-raring' package(s) announced via the USN-1995-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-raring' package(s) announced via the USN-1995-1 advisory. Vulnerability Insight: An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2237) Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888) Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892) Kees Cook discovered a vulnerability in the Linux Kernel's Human Interface Device (HID) subsystem's support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896) Kees Cook discovered an information leak in the Linux kernel's Human Interface Device (HID) subsystem when CONFIG_HID_SENSOR_HUB is enabled. A physically proximate attacker could obtain potentially sensitive information from kernel memory via a specially crafted device. (CVE-2013-2898) Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel whenCONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899) A flaw was discovered in how the Linux Kernel's networking stack checks scm credentials when used with namespaces. A local attacker could exploit this flaw to gain privileges. (CVE-2013-4300) Affected Software/OS: 'linux-lts-raring' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2237 DSA-2766 http://www.debian.org/security/2013/dsa-2766 RHSA-2013:1166 http://rhn.redhat.com/errata/RHSA-2013-1166.html RHSA-2013:1173 http://rhn.redhat.com/errata/RHSA-2013-1173.html SUSE-SU-2013:1473 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html SUSE-SU-2013:1474 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html USN-1912-1 http://www.ubuntu.com/usn/USN-1912-1 USN-1913-1 http://www.ubuntu.com/usn/USN-1913-1 USN-1970-1 http://www.ubuntu.com/usn/USN-1970-1 USN-1972-1 http://www.ubuntu.com/usn/USN-1972-1 USN-1973-1 http://www.ubuntu.com/usn/USN-1973-1 USN-1992-1 http://www.ubuntu.com/usn/USN-1992-1 USN-1993-1 http://www.ubuntu.com/usn/USN-1993-1 USN-1995-1 http://www.ubuntu.com/usn/USN-1995-1 USN-1998-1 http://www.ubuntu.com/usn/USN-1998-1 [oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush http://www.openwall.com/lists/oss-security/2013/07/04/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=85dfb745ee40232876663ae206cba35f24ab2a40 https://bugzilla.redhat.com/show_bug.cgi?id=981220 https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2 openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2888 Debian Security Information: DSA-2766 (Google Search) http://marc.info/?l=linux-input&m=137772180514608&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 RedHat Security Advisories: RHSA-2013:1490 http://rhn.redhat.com/errata/RHSA-2013-1490.html RedHat Security Advisories: RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.ubuntu.com/usn/USN-1976-1 http://www.ubuntu.com/usn/USN-1977-1 http://www.ubuntu.com/usn/USN-2019-1 http://www.ubuntu.com/usn/USN-2021-1 http://www.ubuntu.com/usn/USN-2022-1 http://www.ubuntu.com/usn/USN-2024-1 http://www.ubuntu.com/usn/USN-2038-1 http://www.ubuntu.com/usn/USN-2039-1 http://www.ubuntu.com/usn/USN-2050-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2892 BugTraq ID: 62049 http://www.securityfocus.com/bid/62049 http://marc.info/?l=linux-input&m=137772185414625&w=1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2896 http://marc.info/?l=linux-input&m=137772189314633&w=1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2898 http://marc.info/?l=linux-input&m=137772191114645&w=1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2899 http://marc.info/?l=linux-input&m=137772191714649&w=1 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4300 [oss-security] 20130904 Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability http://www.openwall.com/lists/oss-security/2013/09/05/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e https://bugzilla.redhat.com/show_bug.cgi?id=1004736 https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.