Test ID:	1.3.6.1.4.1.25623.1.0.841870
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2260-1)
Summary:	The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2260-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2260-1 advisory. Vulnerability Insight: A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. (CVE-2014-0196) Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) Torok Edwin discovered a flaw with Xen netback driver when used with Linux configurations that do not allow sleeping in softirq context. A guest administrator could exploit this flaw to cause a denial of service (system crash) on the host. (CVE-2014-2580) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122) Hannes Frederic Sowa reported a hash collision ordering problem in the xfs filesystem in the Linux kernel. A local user could exploit this flaw to cause filesystem corruption and a denial of service (oops or panic). (CVE-2014-7283) Affected Software/OS: 'linux-lts-trusty' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0077 59386 http://secunia.com/advisories/59386 59599 http://secunia.com/advisories/59599 66678 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 Common Vulnerability Exposure (CVE) ID: CVE-2014-0196 106646 http://www.osvdb.org/106646 33516 http://www.exploit-db.com/exploits/33516 59218 http://secunia.com/advisories/59218 59262 http://secunia.com/advisories/59262 DSA-2926 http://www.debian.org/security/2014/dsa-2926 DSA-2928 http://www.debian.org/security/2014/dsa-2928 RHSA-2014:0512 http://rhn.redhat.com/errata/RHSA-2014-0512.html SUSE-SU-2014:0667 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SUSE-SU-2014:0683 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html USN-2196-1 http://www.ubuntu.com/usn/USN-2196-1 USN-2197-1 http://www.ubuntu.com/usn/USN-2197-1 USN-2198-1 http://www.ubuntu.com/usn/USN-2198-1 USN-2199-1 http://www.ubuntu.com/usn/USN-2199-1 USN-2200-1 http://www.ubuntu.com/usn/USN-2200-1 USN-2201-1 http://www.ubuntu.com/usn/USN-2201-1 USN-2202-1 http://www.ubuntu.com/usn/USN-2202-1 USN-2203-1 http://www.ubuntu.com/usn/USN-2203-1 USN-2204-1 http://www.ubuntu.com/usn/USN-2204-1 [oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption http://www.openwall.com/lists/oss-security/2014/05/05/6 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://pastebin.com/raw.php?i=yTSFUBgZ http://source.android.com/security/bulletin/2016-07-01.html http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html https://bugzilla.redhat.com/show_bug.cgi?id=1094232 https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00 Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 Debian Security Information: DSA-2926 (Google Search) Debian Security Information: DSA-2928 (Google Search) http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59309 http://secunia.com/advisories/59406 SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search) SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 Common Vulnerability Exposure (CVE) ID: CVE-2014-2568 BugTraq ID: 66348 http://www.securityfocus.com/bid/66348 https://lkml.org/lkml/2014/3/20/421 http://seclists.org/oss-sec/2014/q1/627 http://www.openwall.com/lists/oss-security/2014/03/20/16 http://www.ubuntu.com/usn/USN-2240-1 XForce ISS Database: linux-kernel-cve20142568-info-disclosure(91922) https://exchange.xforce.ibmcloud.com/vulnerabilities/91922 Common Vulnerability Exposure (CVE) ID: CVE-2014-2580 BugTraq ID: 66386 http://www.securityfocus.com/bid/66386 http://www.openwall.com/lists/oss-security/2014/03/24/8 http://www.openwall.com/lists/oss-security/2014/03/24/6 http://www.securitytracker.com/id/1029949 Common Vulnerability Exposure (CVE) ID: CVE-2014-2851 BugTraq ID: 66779 http://www.securityfocus.com/bid/66779 https://lkml.org/lkml/2014/4/10/736 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securitytracker.com/id/1030769 Common Vulnerability Exposure (CVE) ID: CVE-2014-3122 67162 http://www.securityfocus.com/bid/67162 USN-2240-1 [oss-security] 20140430 Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking http://www.openwall.com/lists/oss-security/2014/05/01/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57e68e9cd65b4b8eb4045a1e0d0746458502554c http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3 https://bugzilla.redhat.com/show_bug.cgi?id=1093076 https://github.com/torvalds/linux/commit/57e68e9cd65b4b8eb4045a1e0d0746458502554c Common Vulnerability Exposure (CVE) ID: CVE-2014-3153 BugTraq ID: 67906 http://www.securityfocus.com/bid/67906 Debian Security Information: DSA-2949 (Google Search) http://www.debian.org/security/2014/dsa-2949 http://www.exploit-db.com/exploits/35370 https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html https://github.com/elongl/CVE-2014-3153 https://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.openwall.com/lists/oss-security/2014/06/05/22 http://openwall.com/lists/oss-security/2014/06/05/24 http://openwall.com/lists/oss-security/2014/06/06/20 http://www.openwall.com/lists/oss-security/2021/02/01/4 http://www.securitytracker.com/id/1030451 http://secunia.com/advisories/58500 http://secunia.com/advisories/58990 http://secunia.com/advisories/59029 http://secunia.com/advisories/59092 http://secunia.com/advisories/59153 SuSE Security Announcement: SUSE-SU-2014:0775 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html SuSE Security Announcement: SUSE-SU-2014:0796 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html SuSE Security Announcement: SUSE-SU-2014:0837 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0878 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html http://www.ubuntu.com/usn/USN-2237-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7283 BugTraq ID: 70261 http://www.securityfocus.com/bid/70261 http://www.openwall.com/lists/oss-security/2014/10/01/29 http://marc.info/?l=linux-xfs&m=139590613002926&w=2 RedHat Security Advisories: RHSA-2014:1943 http://rhn.redhat.com/errata/RHSA-2014-1943.html
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.