Test ID:	1.3.6.1.4.1.25623.1.0.841834
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2225-1)
Summary:	The remote host is missing an update for the 'linux-lts-saucy' package(s) announced via the USN-2225-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-saucy' package(s) announced via the USN-2225-1 advisory. Vulnerability Insight: Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) Nikolay Aleksandrov discovered a race condition in Linux kernel's IPv4 fragment handling code. Remote attackers could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-0100) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) Adhemerval Zanella Neto discovered a flaw the in the Transactional Memory (TM) implementation for powerpc based machine. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2673) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'linux-lts-saucy' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0055 59386 http://secunia.com/advisories/59386 66441 http://www.securityfocus.com/bid/66441 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html https://bugzilla.redhat.com/show_bug.cgi?id=1062577 Common Vulnerability Exposure (CVE) ID: CVE-2014-0077 59599 http://secunia.com/advisories/59599 66678 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 Common Vulnerability Exposure (CVE) ID: CVE-2014-0100 [oss-security] 20140304 CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free http://www.openwall.com/lists/oss-security/2014/03/04/4 http://patchwork.ozlabs.org/patch/325844/ https://bugzilla.redhat.com/show_bug.cgi?id=1070618 Common Vulnerability Exposure (CVE) ID: CVE-2014-0101 59216 http://secunia.com/advisories/59216 65943 http://www.securityfocus.com/bid/65943 RHSA-2014:0419 http://rhn.redhat.com/errata/RHSA-2014-0419.html RHSA-2014:0432 http://rhn.redhat.com/errata/RHSA-2014-0432.html USN-2173-1 http://www.ubuntu.com/usn/USN-2173-1 USN-2174-1 http://www.ubuntu.com/usn/USN-2174-1 [oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk http://www.openwall.com/lists/oss-security/2014/03/04/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html https://bugzilla.redhat.com/show_bug.cgi?id=1070705 https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729 Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 Debian Security Information: DSA-2928 (Google Search) http://www.debian.org/security/2014/dsa-2928 http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59262 http://secunia.com/advisories/59309 http://secunia.com/advisories/59406 SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 Common Vulnerability Exposure (CVE) ID: CVE-2014-2309 BugTraq ID: 66095 http://www.securityfocus.com/bid/66095 http://www.openwall.com/lists/oss-security/2014/03/08/1 http://www.securitytracker.com/id/1029894 http://secunia.com/advisories/57250 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2523 BugTraq ID: 66279 http://www.securityfocus.com/bid/66279 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securitytracker.com/id/1029945 http://secunia.com/advisories/57446 XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910 Common Vulnerability Exposure (CVE) ID: CVE-2014-2672 BugTraq ID: 66492 http://www.securityfocus.com/bid/66492 http://www.openwall.com/lists/oss-security/2014/03/30/5 http://secunia.com/advisories/57468 Common Vulnerability Exposure (CVE) ID: CVE-2014-2673 BugTraq ID: 66477 http://www.securityfocus.com/bid/66477 http://secunia.com/advisories/57436 XForce ISS Database: linux-kernel-cve20142673-dos(92113) https://exchange.xforce.ibmcloud.com/vulnerabilities/92113 Common Vulnerability Exposure (CVE) ID: CVE-2014-2678 BugTraq ID: 66543 http://www.securityfocus.com/bid/66543 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html https://lkml.org/lkml/2014/3/29/188 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 Common Vulnerability Exposure (CVE) ID: CVE-2014-2706 BugTraq ID: 66591 http://www.securityfocus.com/bid/66591 http://www.openwall.com/lists/oss-security/2014/04/01/8 http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/60613 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769 Common Vulnerability Exposure (CVE) ID: CVE-2014-9715 BugTraq ID: 73953 http://www.securityfocus.com/bid/73953 Debian Security Information: DSA-3237 (Google Search) http://www.debian.org/security/2015/dsa-3237 http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 http://www.openwall.com/lists/oss-security/2015/04/08/1 RedHat Security Advisories: RHSA-2015:1534 http://rhn.redhat.com/errata/RHSA-2015-1534.html RedHat Security Advisories: RHSA-2015:1564 http://rhn.redhat.com/errata/RHSA-2015-1564.html http://www.securitytracker.com/id/1032415
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.