Test ID:	1.3.6.1.4.1.25623.1.0.842106
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2514-1)
Summary:	The remote host is missing an update for the 'linux-ti-omap4' package(s) announced via the USN-2514-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-ti-omap4' package(s) announced via the USN-2514-1 advisory. Vulnerability Insight: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Affected Software/OS: 'linux-ti-omap4' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7421 BugTraq ID: 72322 http://www.securityfocus.com/bid/72322 Debian Security Information: DSA-3170 (Google Search) http://www.debian.org/security/2015/dsa-3170 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu https://lkml.org/lkml/2013/3/4/70 http://www.openwall.com/lists/oss-security/2015/01/24/4 RedHat Security Advisories: RHSA-2016:0068 http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.ubuntu.com/usn/USN-2513-1 http://www.ubuntu.com/usn/USN-2514-1 http://www.ubuntu.com/usn/USN-2543-1 http://www.ubuntu.com/usn/USN-2544-1 http://www.ubuntu.com/usn/USN-2545-1 http://www.ubuntu.com/usn/USN-2546-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7970 BugTraq ID: 70319 http://www.securityfocus.com/bid/70319 http://www.spinics.net/lists/linux-fsdevel/msg79153.html http://www.openwall.com/lists/oss-security/2014/10/08/21 RedHat Security Advisories: RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842 RedHat Security Advisories: RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077 http://www.securitytracker.com/id/1030991 http://secunia.com/advisories/60174 http://secunia.com/advisories/61142 SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://www.ubuntu.com/usn/USN-2419-1 http://www.ubuntu.com/usn/USN-2420-1 XForce ISS Database: linux-kernel-cve20147970-dos(96921) https://exchange.xforce.ibmcloud.com/vulnerabilities/96921 Common Vulnerability Exposure (CVE) ID: CVE-2014-8160 72061 http://www.securityfocus.com/bid/72061 DSA-3170 MDVSA-2015:057 MDVSA-2015:058 RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html RHSA-2015:0290 http://rhn.redhat.com/errata/RHSA-2015-0290.html RHSA-2015:0674 http://rhn.redhat.com/errata/RHSA-2015-0674.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SUSE-SU-2015:0736 USN-2513-1 USN-2514-1 USN-2515-1 http://www.ubuntu.com/usn/USN-2515-1 USN-2516-1 http://www.ubuntu.com/usn/USN-2516-1 USN-2517-1 http://www.ubuntu.com/usn/USN-2517-1 USN-2518-1 http://www.ubuntu.com/usn/USN-2518-1 [netfilter-devel] 20140925 [PATCH nf] netfilter: conntrack: disable generic protocol tracking http://www.spinics.net/lists/netfilter-devel/msg33430.html [oss-security] 20150114 CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded http://www.openwall.com/lists/oss-security/2015/01/14/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b https://bugzilla.redhat.com/show_bug.cgi?id=1182059 https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9529 BugTraq ID: 71880 http://www.securityfocus.com/bid/71880 Debian Security Information: DSA-3128 (Google Search) http://www.debian.org/security/2015/dsa-3128 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://www.openwall.com/lists/oss-security/2015/01/06/10 RedHat Security Advisories: RHSA-2015:0864 http://rhn.redhat.com/errata/RHSA-2015-0864.html RedHat Security Advisories: RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RedHat Security Advisories: RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html http://www.securitytracker.com/id/1036763 SuSE Security Announcement: openSUSE-SU-2015:0714 (Google Search) http://www.ubuntu.com/usn/USN-2511-1 http://www.ubuntu.com/usn/USN-2512-1 XForce ISS Database: linux-kernel-cve20149529-dos(99641) https://exchange.xforce.ibmcloud.com/vulnerabilities/99641 Common Vulnerability Exposure (CVE) ID: CVE-2014-9584 71883 http://www.securityfocus.com/bid/71883 DSA-3128 RHSA-2015:0864 RHSA-2015:1137 RHSA-2015:1138 SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html USN-2511-1 USN-2512-1 [oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records http://www.openwall.com/lists/oss-security/2015/01/09/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1180119 https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696 openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9585 BugTraq ID: 71990 http://www.securityfocus.com/bid/71990 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html http://git.kernel.org/?p=linux/kernel/git/luto/linux.git;a=commit;h=bc3b94c31d65e761ddfe150d02932c65971b74e2 http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html http://www.openwall.com/lists/oss-security/2014/12/09/10 http://www.openwall.com/lists/oss-security/2015/01/09/8 RedHat Security Advisories: RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RedHat Security Advisories: RHSA-2015:1778 http://rhn.redhat.com/errata/RHSA-2015-1778.html RedHat Security Advisories: RHSA-2015:1787 http://rhn.redhat.com/errata/RHSA-2015-1787.html SuSE Security Announcement: SUSE-SU-2015:0178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2014-9644 BugTraq ID: 72320 http://www.securityfocus.com/bid/72320 Common Vulnerability Exposure (CVE) ID: CVE-2015-0239 72842 http://www.securityfocus.com/bid/72842 RHSA-2015:1272 http://rhn.redhat.com/errata/RHSA-2015-1272.html [bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245 [oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239 http://www.openwall.com/lists/oss-security/2015/01/27/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1186448 https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.