- Home
- CVEs with nessus.description==The+SUSE+Linux+Enterprise+Server+10+Service+Pack+4+LTSS+kernel+has+been+updated+to+fix+various+security+issues+and+several+bugs.%0A%0AThe+following+security+issues+have+been+addressed+%3A%0A%0ACVE-2013-6382%3A+Multiple+buffer+underflows+in+the+XFS+implementation+in+the+Linux+kernel+through+3.12.1+allow+local+users+to+cause+a+denial+of+service+%28memory+corruption%29+or+possibly+have+unspecified+other+impact+by+leveraging+the+CAP_SYS_ADMIN+capability+for+a+%281%29+XFS_IOC_ATTRLIST_BY_HANDLE+or+%282%29+XFS_IOC_ATTRLIST_BY_HANDLE_32+ioctl+call+with+a+crafted+length+value%2C+related+to+the+xfs_attrlist_by_handle+function+in+fs%2Fxfs%2Fxfs_ioctl.c+and+the+xfs_compat_attrlist_by_handle+function+in+fs%2Fxfs%2Fxfs_ioctl32.c.%0A%28bnc%23852553%29%0A%0ACVE-2013-7263%3A+The+Linux+kernel+before+3.12.4+updates+certain+length+values+before+ensuring+that+associated+data+structures+have+been+initialized%2C+which+allows+local+users+to+obtain+sensitive+information+from+kernel+stack+memory+via+a+%281%29+recvfrom%2C+%282%29+recvmmsg%2C+or+%283%29+recvmsg+system+call%2C+related+to+net%2Fipv4%2Fping.c%2C+net%2Fipv4%2Fraw.c%2C+net%2Fipv4%2Fudp.c%2C+net%2Fipv6%2Fraw.c%2C+and+net%2Fipv6%2Fudp.c.+%28bnc%23857643%29%0A%0ACVE-2013-7264%3A+The+l2tp_ip_recvmsg+function+in+net%2Fl2tp%2Fl2tp_ip.c+in+the+Linux+kernel+before+3.12.4+updates+a+certain+length+value+before+ensuring+that+an+associated+data+structure+has+been+initialized%2C+which+allows+local+users+to+obtain+sensitive+information+from+kernel+stack+memory+via+a+%281%29+recvfrom%2C+%282%29+recvmmsg%2C+or+%283%29+recvmsg+system+call.+%28bnc%23857643%29%0A%0ACVE-2013-7265%3A+The+pn_recvmsg+function+in+net%2Fphonet%2Fdatagram.c+in+the+Linux+kernel+before+3.12.4+updates+a+certain+length+value+before+ensuring+that+an+associated+data+structure+has+been+initialized%2C+which+allows+local+users+to+obtain+sensitive+information+from+kernel+stack+memory+via+a+%281%29+recvfrom%2C+%282%29+recvmmsg%2C+or+%283%29+recvmsg+system+call.+%28bnc%23857643%29%0A%0ACVE-2014-1737%3A+The+raw_cmd_copyin+function+in+drivers%2Fblock%2Ffloppy.c+in+the+Linux+kernel+through+3.14.3+does+not+properly+handle+error+conditions+during+processing+of+an+FDRAWCMD+ioctl+call%2C+which+allows+local+users+to+trigger+kfree+operations+and+gain+privileges+by+leveraging+write+access+to+a+%2Fdev%2Ffd+device.+%28bnc%23875798%29%0A%0ACVE-2014-1738%3A+The+raw_cmd_copyout+function+in+drivers%2Fblock%2Ffloppy.c+in+the+Linux+kernel+through+3.14.3+does+not+properly+restrict+access+to+certain+pointers+during+processing+of+an+FDRAWCMD+ioctl+call%2C+which+allows+local+users+to+obtain+sensitive+information+from+kernel+heap+memory+by+leveraging+write+access+to+a+%2Fdev%2Ffd+device.%0A%28bnc%23875798%29%0A%0AAdditionally%2C+the+following+non-security+bugs+have+been+fixed+%3A%0A%0A++-+tcp%3A+syncookies%3A+reduce+cookie+lifetime+to+128+seconds+++++%28bnc%23833968%29.%0A%0A++-+tcp%3A+syncookies%3A+reduce+mss+table+to+four+values+++++%28bnc%23833968%29.%0A%0A++-+ia64%3A+Change+default+PSR.ac+from+%271%27+to+%270%27+%28Fix+erratum+++++%23237%29+%28bnc%23874108%29.%0A%0A++-+tty%3A+fix+up+atime%2Fmtime+mess%2C+take+three+%28bnc%23797175%29.%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+SUSE+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top