Test ID:	1.3.6.1.4.1.25623.1.0.842225
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2615-1)
Summary:	The remote host is missing an update for the 'linux-lts-utopic' package(s) announced via the USN-2615-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-utopic' package(s) announced via the USN-2615-1 advisory. Vulnerability Insight: Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. (CVE-2015-3331) A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3332) Affected Software/OS: 'linux-lts-utopic' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9710 1032418 http://www.securitytracker.com/id/1032418 SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html [oss-security] 20150324 CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation http://www.openwall.com/lists/oss-security/2015/03/24/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 https://bugzilla.redhat.com/show_bug.cgi?id=1205079 https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 Common Vulnerability Exposure (CVE) ID: CVE-2015-3331 Debian Security Information: DSA-3237 (Google Search) http://www.debian.org/security/2015/dsa-3237 http://www.openwall.com/lists/oss-security/2015/04/14/16 RedHat Security Advisories: RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RedHat Security Advisories: RHSA-2015:1199 http://rhn.redhat.com/errata/RHSA-2015-1199.html http://www.securitytracker.com/id/1032416 SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SuSE Security Announcement: SUSE-SU-2015:1487 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html SuSE Security Announcement: SUSE-SU-2015:1488 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SuSE Security Announcement: SUSE-SU-2015:1489 (Google Search) SuSE Security Announcement: SUSE-SU-2015:1491 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html http://www.ubuntu.com/usn/USN-2631-1 http://www.ubuntu.com/usn/USN-2632-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3332 http://article.gmane.org/gmane.linux.network/359588 http://www.openwall.com/lists/oss-security/2015/04/14/14
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.