
Test ID: 1.3.6.1.4.1.25623.1.0.871487
Category: Red Hat Local Security Checks
Title: RedHat Update for kernel RHSA-2015:2152-02
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The kernel packages contain the Linux kernel,
the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's file system implementation
handled rename operations in which the source was inside and the
destination was outside of a bind mount. A privileged user inside a
container could use this flaw to escape the bind mount and, potentially,
escalate their privileges on the system. (CVE-2015-2925, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that were
later used for permission checking before inserting the object into a
globally visible list. A local, unprivileged user could potentially use
this flaw to elevate their privileges on the system. (CVE-2015-7613,
Important)

* It was found that reporting emulation failures to user space could lead
to either a local (CVE-2014-7842) or an L2->L1 (CVE-2010-5313) denial of
service. In the case of a local denial of service, an attacker must have
access to the MMIO area or be able to access an I/O port. (CVE-2010-5313,
CVE-2014-7842, Moderate)

* A flaw was found in the way the Linux kernel's KVM subsystem handled
non-canonical addresses when emulating instructions that change the RIP
(for example, branches or calls). A guest user with access to an I/O or
MMIO region could use this flaw to crash the guest. (CVE-2014-3647,
Moderate)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks.
An attacker could use this flaw to lock up the system. (CVE-2014-8171,
Moderate)

* A race condition flaw was found between the chown and execve system
calls. A local, unprivileged user could potentially use this flaw to
escalate their privileges on the system. (CVE-2015-3339, Moderate)

* A flaw was discovered in the way the Linux kernel's TTY subsystem handled
the tty shutdown phase. A local, unprivileged user could use this flaw to
cause a denial of service on the system. (CVE-2015-4170, Moderate)

* A NULL pointer dereference flaw was found in the SCTP implementation.
A local user could use this flaw to cause a denial of service on the system
by triggering a kernel panic when creating multiple sockets in parallel
while the system did not have the SCTP module loaded. (CVE-2015-5283,
Moderate)

* A flaw was found in the way the Linux kernel's perf subsystem retrieved
userlevel stack traces on PowerPC systems. A local, unprivileged user could
use this flaw to cause a denial of service on the system. (CVE-2015-6526,
Moderate)

* A flaw was ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-5313
BugTraq ID: 71363
http://www.securityfocus.com/bid/71363
http://www.openwall.com/lists/oss-security/2014/11/13/7
RedHat Security Advisories: RHSA-2016:0855
http://rhn.redhat.com/errata/RHSA-2016-0855.html
SuSE Security Announcement: SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-7421
BugTraq ID: 72322
http://www.securityfocus.com/bid/72322
Debian Security Information: DSA-3170
http://www.debian.org/security/2015/dsa-3170
http://www.mandriva.com/security/advisories?name=MDVSA-2015:057
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
https://lkml.org/lkml/2013/3/4/70
http://www.openwall.com/lists/oss-security/2015/01/24/4
RedHat Security Advisories: RHSA-2016:0068
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://www.ubuntu.com/usn/USN-2513-1
http://www.ubuntu.com/usn/USN-2514-1
http://www.ubuntu.com/usn/USN-2543-1
http://www.ubuntu.com/usn/USN-2544-1
http://www.ubuntu.com/usn/USN-2545-1
http://www.ubuntu.com/usn/USN-2546-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3647
BugTraq ID: 70748
http://www.securityfocus.com/bid/70748
Debian Security Information: DSA-3060
http://www.debian.org/security/2014/dsa-3060
http://www.openwall.com/lists/oss-security/2014/10/24/9
SuSE Security Announcement: SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2394-1
http://www.ubuntu.com/usn/USN-2417-1
http://www.ubuntu.com/usn/USN-2418-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-7842
BugTraq ID: 71078
http://www.securityfocus.com/bid/71078
http://secunia.com/advisories/62305
http://secunia.com/advisories/62326
http://secunia.com/advisories/62336
SuSE Security Announcement: SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-8171
BugTraq ID: 74293
http://www.securityfocus.com/bid/74293
RedHat Security Advisories: RHSA-2015:0864
http://rhn.redhat.com/errata/RHSA-2015-0864.html
RedHat Security Advisories: RHSA-2015:2152
http://rhn.redhat.com/errata/RHSA-2015-2152.html
RedHat Security Advisories: RHSA-2015:2411
http://rhn.redhat.com/errata/RHSA-2015-2411.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9419
BugTraq ID: 71794
http://www.securityfocus.com/bid/71794
Debian Security Information: DSA-3128
http://www.debian.org/security/2015/dsa-3128
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
http://www.openwall.com/lists/oss-security/2014/12/25/1
RedHat Security Advisories: RHSA-2015:1081
http://rhn.redhat.com/errata/RHSA-2015-1081.html
SuSE Security Announcement: SUSE-SU-2015:0529
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:0714
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2518-1
http://www.ubuntu.com/usn/USN-2541-1
http://www.ubuntu.com/usn/USN-2542-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9644
BugTraq ID: 72320
http://www.securityfocus.com/bid/72320
Common Vulnerability Exposure (CVE) ID: CVE-2015-0239
BugTraq ID: 72842
http://www.securityfocus.com/bid/72842
http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245
http://www.openwall.com/lists/oss-security/2015/01/27/6
RedHat Security Advisories: RHSA-2015:1272
http://rhn.redhat.com/errata/RHSA-2015-1272.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2925
BugTraq ID: 73926
http://www.securityfocus.com/bid/73926
Debian Security Information: DSA-3364
http://www.debian.org/security/2015/dsa-3364
Debian Security Information: DSA-3372
http://www.debian.org/security/2015/dsa-3372
http://permalink.gmane.org/gmane.linux.kernel.containers/29173
http://permalink.gmane.org/gmane.linux.kernel.containers/29177
http://www.openwall.com/lists/oss-security/2015/04/04/4
RedHat Security Advisories: RHSA-2015:2636
http://rhn.redhat.com/errata/RHSA-2015-2636.html
SuSE Security Announcement: SUSE-SU-2015:2194
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
SuSE Security Announcement: SUSE-SU-2015:2292
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:0335
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0337
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:0380
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:0381
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:0383
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:0384
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:0386
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:0387
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:0434
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
http://www.ubuntu.com/usn/USN-2792-1
http://www.ubuntu.com/usn/USN-2794-1
http://www.ubuntu.com/usn/USN-2795-1
http://www.ubuntu.com/usn/USN-2798-1
http://www.ubuntu.com/usn/USN-2799-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3339
Debian Security Information: DSA-3237
http://www.debian.org/security/2015/dsa-3237
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html
http://www.openwall.com/lists/oss-security/2015/04/20/5
http://www.securitytracker.com/id/1032412
SuSE Security Announcement: SUSE-SU-2015:1487
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
SuSE Security Announcement: SUSE-SU-2015:1488
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
SuSE Security Announcement: SUSE-SU-2015:1489
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
SuSE Security Announcement: SUSE-SU-2015:1491
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2016:2074
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
SuSE Security Announcement: openSUSE-SU-2015:1382
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4170
BugTraq ID: 74820
http://www.securityfocus.com/bid/74820
http://www.openwall.com/lists/oss-security/2015/05/26/1
RedHat Security Advisories: RHSA-2016:1395
https://access.redhat.com/errata/RHSA-2016:1395
Common Vulnerability Exposure (CVE) ID: CVE-2015-5283
BugTraq ID: 77058
http://www.securityfocus.com/bid/77058
http://www.securitytracker.com/id/1033808
SuSE Security Announcement: SUSE-SU-2015:1727
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
http://www.ubuntu.com/usn/USN-2823-1
http://www.ubuntu.com/usn/USN-2826-1
http://www.ubuntu.com/usn/USN-2829-1
http://www.ubuntu.com/usn/USN-2829-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6526
BugTraq ID: 76401
http://www.securityfocus.com/bid/76401
http://www.openwall.com/lists/oss-security/2015/08/18/4
http://www.securitytracker.com/id/1033728
http://www.ubuntu.com/usn/USN-2759-1
http://www.ubuntu.com/usn/USN-2760-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7613
BugTraq ID: 76977
http://www.securityfocus.com/bid/76977
http://www.openwall.com/lists/oss-security/2015/10/01/8
http://www.securitytracker.com/id/1034094
http://www.securitytracker.com/id/1034592
SuSE Security Announcement: SUSE-SU-2015:2084
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:2085
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:2086
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
SuSE Security Announcement: SUSE-SU-2015:2087
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
SuSE Security Announcement: SUSE-SU-2015:2089
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
SuSE Security Announcement: SUSE-SU-2015:2090
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:2091
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
http://www.ubuntu.com/usn/USN-2761-1
http://www.ubuntu.com/usn/USN-2762-1
http://www.ubuntu.com/usn/USN-2763-1
http://www.ubuntu.com/usn/USN-2764-1
http://www.ubuntu.com/usn/USN-2765-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7837
BugTraq ID: 77097
http://www.securityfocus.com/bid/77097
http://www.openwall.com/lists/oss-security/2015/10/15/6
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
