Test ID:	1.3.6.1.4.1.25623.1.0.842017
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2395-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-2395-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-2395-1 advisory. Vulnerability Insight: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A bounds check error was discovered in the driver for the Logitech Unifying receivers and devices. A physically proximate attacker could exploit this flaw to cause a denial of service (invalid kfree) or to execute arbitrary code. (CVE-2014-3182) Raphael Geissert reported a NULL pointer dereference in the Linux kernel's CIFS client. A remote CIFS server could cause a denial of service (system crash) or possibly have other unspecified impact by deleting IPC$ share during resolution of DFS referrals. (CVE-2014-7145) Affected Software/OS: 'linux' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3182 BugTraq ID: 69770 http://www.securityfocus.com/bid/69770 https://code.google.com/p/google-security-research/issues/detail?id=89 http://www.openwall.com/lists/oss-security/2014/09/11/21 RedHat Security Advisories: RHSA-2014:1318 http://rhn.redhat.com/errata/RHSA-2014-1318.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3610 70742 http://www.securityfocus.com/bid/70742 DSA-3060 http://www.debian.org/security/2014/dsa-3060 RHSA-2015:0869 http://rhn.redhat.com/errata/RHSA-2015-0869.html SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html USN-2394-1 http://www.ubuntu.com/usn/USN-2394-1 USN-2417-1 http://www.ubuntu.com/usn/USN-2417-1 USN-2418-1 http://www.ubuntu.com/usn/USN-2418-1 USN-2491-1 http://www.ubuntu.com/usn/USN-2491-1 [oss-security] 20141024 kvm issues http://www.openwall.com/lists/oss-security/2014/10/24/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 https://bugzilla.redhat.com/show_bug.cgi?id=1144883 https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3611 RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2febc839133280d5a5e8e1179c94ea674489dae2 https://bugzilla.redhat.com/show_bug.cgi?id=1144878 https://github.com/torvalds/linux/commit/2febc839133280d5a5e8e1179c94ea674489dae2 Common Vulnerability Exposure (CVE) ID: CVE-2014-3646 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485 https://bugzilla.redhat.com/show_bug.cgi?id=1144825 https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485 Common Vulnerability Exposure (CVE) ID: CVE-2014-3647 70748 http://www.securityfocus.com/bid/70748 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1144897 https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601 https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715 Common Vulnerability Exposure (CVE) ID: CVE-2014-7145 BugTraq ID: 69867 http://www.securityfocus.com/bid/69867 http://www.openwall.com/lists/oss-security/2014/09/22/4 RedHat Security Advisories: RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.