ID de Prueba:	1.3.6.1.4.1.25623.1.0.841949
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux-lts-trusty USN-2336-1
Resumen:	The remote host is missing an update for the 'linux-lts-trusty'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the referenced advisory. Vulnerability Insight: A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. (CVE-2014-0181) An information leak was discovered in the Linux kernels aio_read_events_ring function. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-0206) A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027) Sasha Levin reported an issue with the Linux kernel's shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service. (CVE-2014-4171) Toralf Fö rster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508) An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652) A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653) A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654) A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655) An integer overflow flaw was ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: linux-lts-trusty on Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0155 http://www.openwall.com/lists/oss-security/2014/04/07/2 Common Vulnerability Exposure (CVE) ID: CVE-2014-0181 http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://www.openwall.com/lists/oss-security/2014/04/23/6 RedHat Security Advisories: RHSA-2014:1959 http://rhn.redhat.com/errata/RHSA-2014-1959.html SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0206 BugTraq ID: 68176 http://www.securityfocus.com/bid/68176 http://www.securitytracker.com/id/1030479 http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/59278 Common Vulnerability Exposure (CVE) ID: CVE-2014-4014 BugTraq ID: 67988 http://www.securityfocus.com/bid/67988 http://www.exploit-db.com/exploits/33824 http://www.openwall.com/lists/oss-security/2014/06/10/4 http://www.securitytracker.com/id/1030394 http://secunia.com/advisories/59220 Common Vulnerability Exposure (CVE) ID: CVE-2014-4027 http://www.openwall.com/lists/oss-security/2014/06/11/1 http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-4171 BugTraq ID: 68157 http://www.securityfocus.com/bid/68157 http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2 http://www.openwall.com/lists/oss-security/2014/06/18/11 RedHat Security Advisories: RHSA-2014:1318 http://rhn.redhat.com/errata/RHSA-2014-1318.html RedHat Security Advisories: RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html http://www.securitytracker.com/id/1030450 Common Vulnerability Exposure (CVE) ID: CVE-2014-4508 BugTraq ID: 68126 http://www.securityfocus.com/bid/68126 http://article.gmane.org/gmane.linux.kernel/1726110 http://openwall.com/lists/oss-security/2014/06/20/1 http://www.openwall.com/lists/oss-security/2014/06/20/10 http://www.openwall.com/lists/oss-security/2020/11/12/3 http://secunia.com/advisories/58964 Common Vulnerability Exposure (CVE) ID: CVE-2014-4652 http://www.openwall.com/lists/oss-security/2014/06/26/6 RedHat Security Advisories: RHSA-2014:1083 http://rhn.redhat.com/errata/RHSA-2014-1083.html RedHat Security Advisories: RHSA-2015:1272 http://rhn.redhat.com/errata/RHSA-2015-1272.html http://secunia.com/advisories/59434 http://secunia.com/advisories/60545 XForce ISS Database: linux-kernel-cve20144652-info-disc(94412) https://exchange.xforce.ibmcloud.com/vulnerabilities/94412 Common Vulnerability Exposure (CVE) ID: CVE-2014-4653 BugTraq ID: 68164 http://www.securityfocus.com/bid/68164 Common Vulnerability Exposure (CVE) ID: CVE-2014-4654 BugTraq ID: 68162 http://www.securityfocus.com/bid/68162 Common Vulnerability Exposure (CVE) ID: CVE-2014-4655 http://www.securitytracker.com/id/1036763 Common Vulnerability Exposure (CVE) ID: CVE-2014-4656 RedHat Security Advisories: RHSA-2015:0087 http://rhn.redhat.com/errata/RHSA-2015-0087.html Common Vulnerability Exposure (CVE) ID: CVE-2014-4667 BugTraq ID: 68224 http://www.securityfocus.com/bid/68224 Debian Security Information: DSA-2992 (Google Search) http://www.debian.org/security/2014/dsa-2992 http://www.openwall.com/lists/oss-security/2014/06/27/11 http://secunia.com/advisories/59790 http://secunia.com/advisories/60596 Common Vulnerability Exposure (CVE) ID: CVE-2014-5045 BugTraq ID: 68862 http://www.securityfocus.com/bid/68862 http://www.openwall.com/lists/oss-security/2014/07/24/2 RedHat Security Advisories: RHSA-2015:0062 http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisories/60353
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.