Test ID:	1.3.6.1.4.1.25623.1.0.842275
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2662-1)
Summary:	The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2662-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2662-1 advisory. Vulnerability Insight: Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensitive memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4001) A bounds check error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially execute arbitrary code via a specially crafted packet. (CVE-2015-4002) A division by zero error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4003) Carl H Lunde discovered missing consistency checks in the Linux kernel's UDF file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to cause a denial of service (system crash) by using a corrupted file system image. (CVE-2015-4167) Affected Software/OS: 'linux-lts-trusty' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9710 1032418 http://www.securitytracker.com/id/1032418 SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html [oss-security] 20150324 CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation http://www.openwall.com/lists/oss-security/2015/03/24/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 https://bugzilla.redhat.com/show_bug.cgi?id=1205079 https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 Common Vulnerability Exposure (CVE) ID: CVE-2015-1420 BugTraq ID: 72357 http://www.securityfocus.com/bid/72357 Debian Security Information: DSA-3170 (Google Search) http://www.debian.org/security/2015/dsa-3170 http://marc.info/?l=linux-kernel&m=142247707318982&w=2 http://www.openwall.com/lists/oss-security/2015/01/29/12 SuSE Security Announcement: SUSE-SU-2015:1224 (Google Search) SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SuSE Security Announcement: SUSE-SU-2015:1592 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SuSE Security Announcement: SUSE-SU-2015:1611 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html SuSE Security Announcement: openSUSE-SU-2015:1382 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://www.ubuntu.com/usn/USN-2660-1 http://www.ubuntu.com/usn/USN-2661-1 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4001 BugTraq ID: 74672 http://www.securityfocus.com/bid/74672 http://openwall.com/lists/oss-security/2015/06/05/7 Common Vulnerability Exposure (CVE) ID: CVE-2015-4002 BugTraq ID: 74668 http://www.securityfocus.com/bid/74668 Common Vulnerability Exposure (CVE) ID: CVE-2015-4003 Common Vulnerability Exposure (CVE) ID: CVE-2015-4167 1033187 http://www.securitytracker.com/id/1033187 74963 http://www.securityfocus.com/bid/74963 DSA-3290 http://www.debian.org/security/2015/dsa-3290 DSA-3313 http://www.debian.org/security/2015/dsa-3313 SUSE-SU-2015:1324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE-SU-2015:1592 SUSE-SU-2015:1611 USN-2631-1 http://www.ubuntu.com/usn/USN-2631-1 USN-2632-1 http://www.ubuntu.com/usn/USN-2632-1 [oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops http://www.openwall.com/lists/oss-security/2015/06/02/6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 https://bugzilla.redhat.com/show_bug.cgi?id=1228204 https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 openSUSE-SU-2015:1382
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.