| Descripción: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The Linux kernel was updated to fix various bugs and security issues.
The following security issues were fixed:
- CVE-2014-8173: A NULL pointer dereference flaw was found in the way the
Linux kernels madvise MADV_WILLNEED functionality handled page table
locking. A local, unprivileged user could have used this flaw to crash
the system.
- CVE-2015-1593: A integer overflow reduced the effectiveness of the stack
randomization on 64-bit systems.
- CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
system call validated its parameters. On certain file systems, a local,
unprivileged user could have used this flaw to write past the maximum
file size, and thus crash the system.
- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
in the Linux kernel did not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which made it
easier for local users to bypass the ASLR protection mechanism via a
crafted application that reads a TLS base address.
- CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c
in the Linux kernel used an improper paravirt_enabled setting for KVM
guest kernels, which made it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that reads a 16-bit
value.
- CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during handling of certain
iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,
which allowed remote attackers to bypass intended access restrictions
via packets with disallowed port numbers.
- CVE-2014-9529: Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel allowed local users to cause a
denial of service (memory corruption or panic) or possibly have
unspecified other impact via keyctl commands that trigger access to a
key structure member during garbage collection of a key.
- CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel
through did not properly maintain the semantics of rename_lock, which
allowed local users to cause a denial of service (deadlock and system
hang) via a crafted application.
- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
Linux kernel did not restrict the number of Rock Ridge continuation
entries, which allowed local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image.
- CVE-2014-9584: The parse_rock_ridge_inode_internal fu ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on openSUSE 13.1
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
