Test ID:	1.3.6.1.4.1.25623.1.0.841838
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2223-1)
Summary:	The remote host is missing an update for the 'linux-lts-quantal' package(s) announced via the USN-2223-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-quantal' package(s) announced via the USN-2223-1 advisory. Vulnerability Insight: Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash). (CVE-2013-4483) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122) Affected Software/OS: 'linux-lts-quantal' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4483 RHSA-2014:0285 http://rhn.redhat.com/errata/RHSA-2014-0285.html RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html [oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races http://www.openwall.com/lists/oss-security/2013/10/30/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6062a8dc0517bce23e3c2f7d2fea5e22411269a3 https://bugzilla.redhat.com/show_bug.cgi?id=1024854 https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3 https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2 openSUSE-SU-2014:0247 http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0055 59386 http://secunia.com/advisories/59386 66441 http://www.securityfocus.com/bid/66441 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html https://bugzilla.redhat.com/show_bug.cgi?id=1062577 Common Vulnerability Exposure (CVE) ID: CVE-2014-0077 59599 http://secunia.com/advisories/59599 66678 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 Common Vulnerability Exposure (CVE) ID: CVE-2014-0101 59216 http://secunia.com/advisories/59216 65943 http://www.securityfocus.com/bid/65943 RHSA-2014:0419 http://rhn.redhat.com/errata/RHSA-2014-0419.html RHSA-2014:0432 http://rhn.redhat.com/errata/RHSA-2014-0432.html USN-2173-1 http://www.ubuntu.com/usn/USN-2173-1 USN-2174-1 http://www.ubuntu.com/usn/USN-2174-1 [oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk http://www.openwall.com/lists/oss-security/2014/03/04/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html https://bugzilla.redhat.com/show_bug.cgi?id=1070705 https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729 Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 Debian Security Information: DSA-2926 (Google Search) http://www.debian.org/security/2014/dsa-2926 Debian Security Information: DSA-2928 (Google Search) http://www.debian.org/security/2014/dsa-2928 http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59262 http://secunia.com/advisories/59309 http://secunia.com/advisories/59406 SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 Common Vulnerability Exposure (CVE) ID: CVE-2014-2309 BugTraq ID: 66095 http://www.securityfocus.com/bid/66095 http://www.openwall.com/lists/oss-security/2014/03/08/1 http://www.securitytracker.com/id/1029894 http://secunia.com/advisories/57250 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2523 BugTraq ID: 66279 http://www.securityfocus.com/bid/66279 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securitytracker.com/id/1029945 http://secunia.com/advisories/57446 XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910 Common Vulnerability Exposure (CVE) ID: CVE-2014-2672 BugTraq ID: 66492 http://www.securityfocus.com/bid/66492 http://www.openwall.com/lists/oss-security/2014/03/30/5 http://secunia.com/advisories/57468 Common Vulnerability Exposure (CVE) ID: CVE-2014-2678 BugTraq ID: 66543 http://www.securityfocus.com/bid/66543 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html https://lkml.org/lkml/2014/3/29/188 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 Common Vulnerability Exposure (CVE) ID: CVE-2014-2706 BugTraq ID: 66591 http://www.securityfocus.com/bid/66591 http://www.openwall.com/lists/oss-security/2014/04/01/8 http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/60613 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769 Common Vulnerability Exposure (CVE) ID: CVE-2014-3122 67162 http://www.securityfocus.com/bid/67162 DSA-2926 USN-2240-1 http://www.ubuntu.com/usn/USN-2240-1 [oss-security] 20140430 Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking http://www.openwall.com/lists/oss-security/2014/05/01/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57e68e9cd65b4b8eb4045a1e0d0746458502554c http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3 https://bugzilla.redhat.com/show_bug.cgi?id=1093076 https://github.com/torvalds/linux/commit/57e68e9cd65b4b8eb4045a1e0d0746458502554c
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.