Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.
ae2f3459ec3bdf76b4bab9b9b1aed7e5bb62fecbaa5d70cf041846a180464d66Red Hat Security Advisory 2013-0807-01 - The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.
48444d8e9b2d2d4946cba8d7dcfbf3961ed54d4d33d2f2fbb222fba97c6e7fbdUbuntu Security Notice 1726-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.
a3d55b9ff0b73d1df8e7409074747aabe37ecb3203cc3a90ab56e3dba8a7c4f8Ubuntu Security Notice 1720-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.
e44f09d2e5a972aa796e430101537128cafec69256c99de889a29ded2edd3bcfUbuntu Security Notice 1704-2 - USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
e9e792aadc97786927427c783a1b1572627f4f272916fcaa582f0780c5890272Ubuntu Security Notice 1698-2 - USN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
c46a8944c6adf5f34311710cc344aabe4f1d2d9345df52ca204adc9b0c6bdfc1Ubuntu Security Notice 1696-2 - USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
e408a3102f01f5fccf4da6ee68f082b7cb946810d6adaf4f91a34a0cd7d733acUbuntu Security Notice 1700-2 - USN-1700-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
21c11ff5e2b4a56b072c318b8324099c90ae3de4a7b9f266fe9b4e164e3ad3aaUbuntu Security Notice 1699-2 - USN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
dd6ff2e0e516de16930d5650c1e19da4171a897ed4034dbca85ee945498d6aaeUbuntu Security Notice 1704-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Various other issues were also addressed.
cee34c70ba2a3639f0d2c6c944ab8c33eaab079317385ea3e05356964547c138Ubuntu Security Notice 1700-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
4b711a1032c43404c0e37835be4261d9e099772127d146641dec44e28a1e8401Ubuntu Security Notice 1699-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
2904161141f71136657aa5feccfaf06d5562a735552e35829baa201b02b6a654Ubuntu Security Notice 1696-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
c1b420569ebc8959d5320509d874c3ac3e68c8ce3904aad9c1f4621cbb321abfUbuntu Security Notice 1698-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
5867502571fddea90398a56293a3dbe716d40185c1b280e5c8f3f22987a5cd52
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed