Test ID:	1.3.6.1.4.1.25623.1.0.842081
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2490-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-2490-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-2490-1 advisory. Vulnerability Insight: Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) Affected Software/OS: 'linux' package(s) on Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8133 62801 http://secunia.com/advisories/62801 71684 http://www.securityfocus.com/bid/71684 DSA-3128 http://www.debian.org/security/2015/dsa-3128 MDVSA-2015:058 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 RHSA-2015:1272 http://rhn.redhat.com/errata/RHSA-2015-1272.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html USN-2490-1 http://www.ubuntu.com/usn/USN-2490-1 USN-2491-1 http://www.ubuntu.com/usn/USN-2491-1 USN-2492-1 http://www.ubuntu.com/usn/USN-2492-1 USN-2493-1 http://www.ubuntu.com/usn/USN-2493-1 USN-2515-1 http://www.ubuntu.com/usn/USN-2515-1 USN-2516-1 http://www.ubuntu.com/usn/USN-2516-1 USN-2517-1 http://www.ubuntu.com/usn/USN-2517-1 USN-2518-1 http://www.ubuntu.com/usn/USN-2518-1 [oss-security] 20141215 Linux kernel: multiple x86_64 vulnerabilities http://www.openwall.com/lists/oss-security/2014/12/15/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=41bdc78544b8a93a9c6814b8bbbfef966272abbe https://bugzilla.redhat.com/show_bug.cgi?id=1172797 https://github.com/torvalds/linux/commit/41bdc78544b8a93a9c6814b8bbbfef966272abbe openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9420 FEDORA-2015-0515 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html FEDORA-2015-0517 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html SUSE-SU-2015:0178 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html [oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records http://www.openwall.com/lists/oss-security/2014/12/25/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1175235 https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d https://source.android.com/security/bulletin/2017-01-01.html openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.