Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30431
HistoryMar 31, 2014 - 12:00 a.m.

[USN-2140-1] Linux kernel vulnerabilities

2014-03-3100:00:00
vulners.com
31
JSON

==========================================================================
Ubuntu Security Notice USN-2140-1
March 07, 2014

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10

Summary:

Several security issues were fixed in the kernel.

Software Description:

  • linux: Linux kernel

Details:

An information leak was discovered in the Linux kernel when built with the
NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol
(NF_NAT_IRC). A remote attacker could exploit this flaw to obtain
potentially sensitive kernel information when communicating over a client-
to-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)

Matthew Thode reported a denial of service vulnerability in the Linux
kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN
capability (and the SELinux mac_admin permission if running in enforcing
mode) could exploit this flaw to cause a denial of service (kernel crash).
(CVE-2014-1874)

An information leak was discovered in the Linux kernel's NFS filesystem. A
local users with write access to an NFS share could exploit this flaw to
obtain potential sensative information from kernel memory. (CVE-2014-2038)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
linux-image-3.11.0-18-generic 3.11.0-18.32
linux-image-3.11.0-18-generic-lpae 3.11.0-18.32

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2140-1
CVE-2014-1690, CVE-2014-1874, CVE-2014-2038

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.11.0-18.32

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

openvas 85
ubuntu 12
nessus 32
cve 4
debiancve 3
prion 4
ubuntucve 3
mageia 7
redhat 4
veracode 6
amazon 1
oraclelinux 4
centos 2
suse 10
altlinux 1
fedora 18
securityvulns 1
debian 1
osv 1
openvas
openvas
Ubuntu Update for linux-lts-saucy USN-2137-1
2014-03-12 00:00:00
Ubuntu: Security Advisory (USN-2140-1)
2014-03-12 00:00:00
Ubuntu Update for linux USN-2140-1
2014-03-12 00:00:00
ubuntu
ubuntu
Linux kernel (Saucy HWE) vulnerabilities
2014-03-07 00:00:00
Linux kernel vulnerabilities
2014-03-07 00:00:00
Linux kernel (Raring HWE) vulnerabilities
2014-04-01 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2137-1)
2014-03-10 00:00:00
Ubuntu 13.10 : linux vulnerabilities (USN-2140-1)
2014-03-10 00:00:00
Fedora 20 : kernel-3.13.3-201.fc20 (2014-2576)
2014-02-18 00:00:00
cve
cve
CVE-2014-2038
2014-02-28 06:18:00
CVE-2014-1874
2014-02-28 06:18:00
CVE-2014-1690
2014-02-28 06:18:00
debiancve
debiancve
CVE-2014-2038
2014-02-28 06:18:00
CVE-2014-1874
2014-02-28 06:18:00
CVE-2014-1690
2014-02-28 06:18:00
prion
prion
Memory corruption
2014-02-28 06:18:00
Code injection
2014-02-28 06:18:00
Information disclosure
2014-02-28 06:18:00
ubuntucve
ubuntucve
CVE-2014-2038
2014-02-28 00:00:00
CVE-2014-1874
2014-02-07 00:00:00
CVE-2014-1690
2014-02-28 00:00:00
mageia
mageia
Updated kernel fixes security vulnerabilities
2014-02-26 22:37:33
Updated kernel-vserver packages fix security vulnerability
2014-02-13 02:53:19
Updated kernel package fixes one critical and a few other security issues
2014-02-08 23:01:59
redhat
redhat
(RHSA-2014:0439) Important: kernel-rt security, bug fix, and enhancement update
2014-04-28 00:00:00
(RHSA-2014:0328) Important: kernel security and bug fix update
2014-03-25 00:00:00
(RHSA-2014:0771) Important: kernel security and bug fix update
2014-06-19 00:00:00
veracode
veracode
Sensitive Information Disclosure
2019-05-02 04:57:44
Denial Of Service (DoS)
2019-05-02 04:57:44
Denial Of Service (DoS) Through Memory Consumption
2019-05-02 04:57:44
amazon
amazon
Medium: kernel
2014-02-26 14:26:00
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2014-06-20 00:00:00
unbreakable enterprise kernel security update
2014-06-20 00:00:00
kernel security and bug fix update
2014-06-19 00:00:00
centos
centos
kernel, perf, python security update
2014-03-25 21:39:34
kernel, perf, python security update
2014-06-20 10:10:41
suse
suse
kernel: security and bugfix update (important)
2014-05-19 14:04:14
kernel: security and bugfix update (important)
2014-05-19 14:10:36
Security update for Linux Kernel (important)
2014-06-18 01:04:38
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt25
2014-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.13.3-201.fc20
2014-02-17 21:05:53
[SECURITY] Fedora 20 Update: kernel-3.13.5-200.fc20
2014-02-28 18:35:59
[SECURITY] Fedora 20 Update: kernel-3.13.5-202.fc20
2014-03-06 08:10:04
securityvulns
securityvulns
Linux kernel security vulnerabilities
2014-03-31 00:00:00
debian
debian
[SECURITY] [DSA 2906-1] linux-2.6 security update
2014-04-25 00:12:10
osv
osv
linux-2.6 - several
2014-04-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:30431
openvas85ubuntu12nessus32cve4debiancve3prion4ubuntucve3mageia7redhat4veracode6amazon1oraclelinux4centos2suse10altlinux1fedora18securityvulns1debian1osv1