Test ID:	1.3.6.1.4.1.25623.1.0.842145
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2543-1)
Summary:	The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2543-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2543-1 advisory. Vulnerability Insight: Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. (CVE-2015-0274) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-7822) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to verify symlink size info. A local attacker, who is able to mount a malicious UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicious UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729) Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicious UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730) Carl H Lunde discovered an information leak in the UDF file system (CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file system image, could exploit this flaw to read potential sensitive kernel memory. (CVE-2014-9731) Affected Software/OS: 'linux-lts-trusty' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7421 BugTraq ID: 72322 http://www.securityfocus.com/bid/72322 Debian Security Information: DSA-3170 (Google Search) http://www.debian.org/security/2015/dsa-3170 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu https://lkml.org/lkml/2013/3/4/70 http://www.openwall.com/lists/oss-security/2015/01/24/4 RedHat Security Advisories: RHSA-2016:0068 http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.ubuntu.com/usn/USN-2513-1 http://www.ubuntu.com/usn/USN-2514-1 http://www.ubuntu.com/usn/USN-2543-1 http://www.ubuntu.com/usn/USN-2544-1 http://www.ubuntu.com/usn/USN-2545-1 http://www.ubuntu.com/usn/USN-2546-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7822 117810 http://www.osvdb.org/117810 36743 https://www.exploit-db.com/exploits/36743/ 72347 http://www.securityfocus.com/bid/72347 DSA-3170 RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html RHSA-2015:0164 http://rhn.redhat.com/errata/RHSA-2015-0164.html RHSA-2015:0674 http://rhn.redhat.com/errata/RHSA-2015-0674.html RHSA-2015:0694 http://rhn.redhat.com/errata/RHSA-2015-0694.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html USN-2541-1 http://www.ubuntu.com/usn/USN-2541-1 USN-2542-1 http://www.ubuntu.com/usn/USN-2542-1 USN-2543-1 USN-2544-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1163792 https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958 openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9644 BugTraq ID: 72320 http://www.securityfocus.com/bid/72320 Common Vulnerability Exposure (CVE) ID: CVE-2014-9728 74964 http://www.securityfocus.com/bid/74964 SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE-SU-2015:1592 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SUSE-SU-2015:1611 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html [oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage http://www.openwall.com/lists/oss-security/2015/06/02/7 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 https://bugzilla.redhat.com/show_bug.cgi?id=1228229 https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9 openSUSE-SU-2015:1382 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9729 Common Vulnerability Exposure (CVE) ID: CVE-2014-9730 Common Vulnerability Exposure (CVE) ID: CVE-2014-9731 75001 http://www.securityfocus.com/bid/75001 [oss-security] 20150603 CVE request Linux kernel: udf: information leakage when reading symlink http://www.openwall.com/lists/oss-security/2015/06/03/4 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 https://bugzilla.redhat.com/show_bug.cgi?id=1228220 https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 https://source.android.com/security/bulletin/2017-07-01 Common Vulnerability Exposure (CVE) ID: CVE-2015-0274 1031853 http://www.securitytracker.com/id/1031853 RHSA-2015:0290 http://rhn.redhat.com/errata/RHSA-2015-0290.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 https://bugzilla.redhat.com/show_bug.cgi?id=1195248 https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.