English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.1.2.2014.103
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DLA-103-1)
Summary:The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-103-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-103-1 advisory.

Vulnerability Insight:
This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 (see [link moved to references] for more information for that). It fixes the CVEs described below. Note: if you are using the openvz flavors, please consider three things: a.) we haven't got any feedback on them (while we have for all other flavors) b.) so do your test before deploying them and c.) once you have done so, please give feedback to debian-lts@lists.debian.org. If you are not using openvz flavors, please still consider b+c :-) CVE-2012-6657 Fix the sock_setsockopt function to prevent local users from being able to cause a denial of service (system crash) attack. CVE-2013-0228 Fix a XEN priviledge escalation, which allowed guest OS users to gain guest OS priviledges. CVE-2013-7266 Fix the mISDN_sock_recvmsg function to prevent local users from obtaining sensitive information from kernel memory. CVE-2014-4157 MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP restrictions. CVE-2014-4508 Prevent local users from causing a denial of service (OOPS and system crash) when syscall auditing is enabled . CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 Fix the ALSA control implementation to prevent local users from causing a denial of service attack and from obtaining sensitive information from kernel memory. CVE-2014-4943 Fix PPPoL2TP feature to prevent local users to from gaining privileges. CVE-2014-5077 Prevent remote attackers from causing a denial of service attack involving SCTP. CVE-2014-5471 CVE-2014-5472 Fix the parse_rock_ridge_inode_internal function to prevent local users from causing a denial of service attack via a crafted iso9660 images. CVE-2014-9090 Fix the do_double_fault function to prevent local users from causing a denial of service (panic) attack. For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze9

Affected Software/OS:
'linux-2.6' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-6657
HPSBGN03282
http://marc.info/?l=bugtraq&m=142722544401658&w=2
HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
[oss-security] 20140915 Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash
http://www.openwall.com/lists/oss-security/2014/09/15/8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e10986d1d698140747fcfc2761ec9cb64c1d582
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
https://bugzilla.redhat.com/show_bug.cgi?id=1141742
https://github.com/torvalds/linux/commit/3e10986d1d698140747fcfc2761ec9cb64c1d582
Common Vulnerability Exposure (CVE) ID: CVE-2013-0228
MDVSA-2013:176
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
USN-1795-1
http://www.ubuntu.com/usn/USN-1795-1
USN-1796-1
http://www.ubuntu.com/usn/USN-1796-1
USN-1797-1
http://www.ubuntu.com/usn/USN-1797-1
USN-1805-1
http://www.ubuntu.com/usn/USN-1805-1
USN-1808-1
http://www.ubuntu.com/usn/USN-1808-1
[oss-security] 20130213 Xen Security Advisory 42 (CVE-2013-0228) - Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
http://www.openwall.com/lists/oss-security/2013/02/13/10
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.9
https://bugzilla.redhat.com/show_bug.cgi?id=906309
https://github.com/torvalds/linux/commit/13d2b4d11d69a92574a55bfd985cfb0ca77aebdc
Common Vulnerability Exposure (CVE) ID: CVE-2013-7266
http://www.openwall.com/lists/oss-security/2013/12/31/7
http://secunia.com/advisories/55882
http://secunia.com/advisories/56036
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4157
http://openwall.com/lists/oss-security/2014/06/16/1
http://www.openwall.com/lists/oss-security/2014/06/17/17
Common Vulnerability Exposure (CVE) ID: CVE-2014-4508
BugTraq ID: 68126
http://www.securityfocus.com/bid/68126
http://article.gmane.org/gmane.linux.kernel/1726110
http://openwall.com/lists/oss-security/2014/06/20/1
http://www.openwall.com/lists/oss-security/2014/06/20/10
http://www.openwall.com/lists/oss-security/2020/11/12/3
http://secunia.com/advisories/58964
http://secunia.com/advisories/60564
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2334-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4653
BugTraq ID: 68164
http://www.securityfocus.com/bid/68164
http://www.openwall.com/lists/oss-security/2014/06/26/6
RedHat Security Advisories: RHSA-2014:1083
http://rhn.redhat.com/errata/RHSA-2014-1083.html
http://secunia.com/advisories/59434
http://secunia.com/advisories/59777
http://secunia.com/advisories/60545
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://www.ubuntu.com/usn/USN-2335-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4654
BugTraq ID: 68162
http://www.securityfocus.com/bid/68162
Common Vulnerability Exposure (CVE) ID: CVE-2014-4655
http://www.securitytracker.com/id/1036763
Common Vulnerability Exposure (CVE) ID: CVE-2014-4943
Debian Security Information: DSA-2992 (Google Search)
http://www.debian.org/security/2014/dsa-2992
http://www.exploit-db.com/exploits/36267
http://openwall.com/lists/oss-security/2014/07/17/1
http://osvdb.org/show/osvdb/109277
RedHat Security Advisories: RHSA-2014:1025
http://rhn.redhat.com/errata/RHSA-2014-1025.html
http://www.securitytracker.com/id/1030610
http://secunia.com/advisories/59790
http://secunia.com/advisories/60011
http://secunia.com/advisories/60071
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://secunia.com/advisories/60393
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
XForce ISS Database: linux-kernel-cve20144943-priv-esc(94665)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
Common Vulnerability Exposure (CVE) ID: CVE-2014-5077
1030681
http://www.securitytracker.com/id/1030681
59777
60430
http://secunia.com/advisories/60430
60545
60564
60744
http://secunia.com/advisories/60744
62563
http://secunia.com/advisories/62563
68881
http://www.securityfocus.com/bid/68881
RHSA-2014:1083
RHSA-2014:1668
http://rhn.redhat.com/errata/RHSA-2014-1668.html
RHSA-2014:1763
http://rhn.redhat.com/errata/RHSA-2014-1763.html
SUSE-SU-2014:1316
SUSE-SU-2014:1319
USN-2334-1
USN-2335-1
USN-2358-1
http://www.ubuntu.com/usn/USN-2358-1
USN-2359-1
http://www.ubuntu.com/usn/USN-2359-1
[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference
http://www.openwall.com/lists/oss-security/2014/07/26/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa
https://bugzilla.redhat.com/show_bug.cgi?id=1122982
https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa
linux-kernel-cve20145077-dos(95134)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95134
Common Vulnerability Exposure (CVE) ID: CVE-2014-5471
BugTraq ID: 69396
http://www.securityfocus.com/bid/69396
HPdes Security Advisory: HPSBGN03282
HPdes Security Advisory: HPSBGN03285
https://code.google.com/p/google-security-research/issues/detail?id=88
http://seclists.org/oss-sec/2014/q3/450
http://www.openwall.com/lists/oss-security/2014/08/27/1
RedHat Security Advisories: RHSA-2014:1318
http://rhn.redhat.com/errata/RHSA-2014-1318.html
RedHat Security Advisories: RHSA-2015:0102
http://rhn.redhat.com/errata/RHSA-2015-0102.html
RedHat Security Advisories: RHSA-2015:0695
http://rhn.redhat.com/errata/RHSA-2015-0695.html
RedHat Security Advisories: RHSA-2015:0782
http://rhn.redhat.com/errata/RHSA-2015-0782.html
RedHat Security Advisories: RHSA-2015:0803
http://rhn.redhat.com/errata/RHSA-2015-0803.html
http://www.ubuntu.com/usn/USN-2354-1
http://www.ubuntu.com/usn/USN-2355-1
http://www.ubuntu.com/usn/USN-2356-1
http://www.ubuntu.com/usn/USN-2357-1
XForce ISS Database: linux-kernel-isofs-bo(95481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95481
Common Vulnerability Exposure (CVE) ID: CVE-2014-5472
BugTraq ID: 69428
http://www.securityfocus.com/bid/69428
XForce ISS Database: linux-kernel-cve20145472-dos(95556)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95556
Common Vulnerability Exposure (CVE) ID: CVE-2014-9090
Debian Security Information: DSA-3093 (Google Search)
http://www.debian.org/security/2014/dsa-3093
http://www.openwall.com/lists/oss-security/2014/11/26/5
http://secunia.com/advisories/62336
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.