MEDIUM6.2
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании, повысить свои привилегии или выполнить произвольный код
CVSS 2.0MEDIUM 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:CReferences
ALT-PU-2014-1375-1Package update kernel-image-el-def in branch sisyphus
Severity:
Closed issues (11)
MEDIUM5.5
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:CReferences
HIGH7.1
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:CReferences
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
MEDIUM6.9
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0339.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.openwall.com/lists/oss-security/2013/03/15/3
- http://www.securityfocus.com/bid/58510
- http://www.ubuntu.com/usn/USN-1809-1
- http://www.ubuntu.com/usn/USN-1811-1
- http://www.ubuntu.com/usn/USN-1812-1
- http://www.ubuntu.com/usn/USN-1813-1
- http://www.ubuntu.com/usn/USN-1814-1
- http://www.ubuntu.com/usn/USN-1829-1
- https://bugzilla.redhat.com/show_bug.cgi?id=921970
- https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0339.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.openwall.com/lists/oss-security/2013/03/15/3
- http://www.securityfocus.com/bid/58510
- http://www.ubuntu.com/usn/USN-1809-1
- http://www.ubuntu.com/usn/USN-1811-1
- http://www.ubuntu.com/usn/USN-1812-1
- http://www.ubuntu.com/usn/USN-1813-1
- http://www.ubuntu.com/usn/USN-1814-1
- http://www.ubuntu.com/usn/USN-1829-1
- https://bugzilla.redhat.com/show_bug.cgi?id=921970
- https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa
MEDIUM5.5
The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
CVSS 2.0MEDIUM 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:CReferences
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0339.html
- http://secunia.com/advisories/59386
- http://www.securityfocus.com/bid/66441
- https://bugzilla.redhat.com/show_bug.cgi?id=1062577
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0339.html
- http://secunia.com/advisories/59386
- http://www.securityfocus.com/bid/66441
- https://bugzilla.redhat.com/show_bug.cgi?id=1062577
HIGH7.2
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CReferences
- http://article.gmane.org/gmane.linux.kernel.cifs/9401
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://www.openwall.com/lists/oss-security/2014/02/17/4
- http://www.securityfocus.com/bid/65588
- https://bugzilla.redhat.com/show_bug.cgi?id=1064253
- https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
- http://article.gmane.org/gmane.linux.kernel.cifs/9401
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://www.openwall.com/lists/oss-security/2014/02/17/4
- http://www.securityfocus.com/bid/65588
- https://bugzilla.redhat.com/show_bug.cgi?id=1064253
- https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
HIGH7.8
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0419.html
- http://rhn.redhat.com/errata/RHSA-2014-0432.html
- http://secunia.com/advisories/59216
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html
- http://www.openwall.com/lists/oss-security/2014/03/04/6
- http://www.securityfocus.com/bid/65943
- http://www.ubuntu.com/usn/USN-2173-1
- http://www.ubuntu.com/usn/USN-2174-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1070705
- https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://rhn.redhat.com/errata/RHSA-2014-0419.html
- http://rhn.redhat.com/errata/RHSA-2014-0432.html
- http://secunia.com/advisories/59216
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html
- http://www.openwall.com/lists/oss-security/2014/03/04/6
- http://www.securityfocus.com/bid/65943
- http://www.ubuntu.com/usn/USN-2173-1
- http://www.ubuntu.com/usn/USN-2174-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1070705
- https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729