| Description: | Summary:
The remote host is missing an update for the 'linux' package(s) announced via the USN-2290-1 advisory.
Vulnerability Insight:
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)
Salva Peiro discovered an information leak in the Linux kernel's media-
device driver. A local attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-1739)
A bounds check error was discovered in the socket filter subsystem of the
Linux kernel. A local user could exploit this flaw to cause a denial of
service (system crash) via crafted BPF instructions. (CVE-2014-3144)
A remainder calculation error was discovered in the socket filter subsystem
of the Linux kernel. A local user could exploit this flaw to cause a denial
of service (system crash) via crafted BPF instructions. (CVE-2014-3145)
A flaw was discovered in the Linux kernel's handling of hugetlb entries. A
local user could exploit this flaw to cause a denial service (memory
corruption or system crash). (CVE-2014-3940)
Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux
kernel's implementation of the LZ4 decompression algorithm, when used by
code not complying with API limitations. An attacker could exploit this
flaw to cause a denial of service (memory corruption) or possibly other
unspecified impact. (CVE-2014-4611)
Tuomas Rasanen reported the Linux kernel on certain Intel processors does
not properly initialize random seeds for network operations, causing TCP
sequence numbers, TCP and UDP port numbers and IP ID values to be
predictable. A remote attacker could exploit this flaw to spoof or disrupt
IP communication. (CVE-2014-7284)
Affected Software/OS:
'linux' package(s) on Ubuntu 14.04.
Solution:
Please install the updated package(s).
CVSS Score:
6.9
CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
