http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865

[oss-security] 20111017 Re: CVE request: kernel/AppArmor local denial of service

https://github.com/torvalds/linux/commit/a5b2c5b2ad5853591a6cac6134cd0f599a720865

The openSUSE 11.4 kernel was updated to fix various bugs and security issues.

This is the final update of the 2.6.37 kernel of openSUSE 11.4.

This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues.

Following issues were fixed :

  - tcp: drop SYN+FIN messages (bnc#765102).

  - net: sock: validate data_len before allocating skb in     sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

  - fcaps: clear the same personality flags as suid when     fcaps are used (bnc#758260 CVE-2012-2123).

  - macvtap: zerocopy: validate vectors before building skb     (bnc#758243 CVE-2012-2119).

  - hfsplus: Fix potential buffer overflows (bnc#760902     CVE-2009-4020).

  - xfrm: take net hdr len into account for esp payload size     calculation (bnc#759545).

  - ext4: fix undefined behavior in ext4_fill_flex_info()     (bnc#757278).

  - igb: fix rtnl race in PM resume path (bnc#748859).

  - ixgbe: add missing rtnl_lock in PM resume path     (bnc#748859).

  - b43: allocate receive buffers big enough for max frame     len + offset (bnc#717749).

  - xenbus: Reject replies with payload >     XENSTORE_PAYLOAD_MAX.

  - xenbus_dev: add missing error checks to watch handling.

  - hwmon: (coretemp-xen) Fix TjMax detection for older     CPUs.

  - hwmon: (coretemp-xen) Relax target temperature range     check.

  - Refresh other Xen patches.

  - tlan: add cast needed for proper 64 bit operation     (bnc#756840).

  - dl2k: Tighten ioctl permissions (bnc#758813).

  - [media] cx22702: Fix signal strength.

  - fs: cachefiles: Add support for large files in     filesystem caching (bnc#747038).

  - bridge: correct IPv6 checksum after pull (bnc#738644).

  - bridge: fix a possible use after free (bnc#738644).

  - bridge: Pseudo-header required for the checksum of     ICMPv6 (bnc#738644).

  - bridge: mcast snooping, fix length check of snooped     MLDv1/2 (bnc#738644).

  - PCI/ACPI: Report ASPM support to BIOS if not disabled     from command line (bnc#714455).

  - ipc/sem.c: fix race with concurrent semtimedop()     timeouts and IPC_RMID (bnc#756203).

  - drm/i915/crt: Remove 0xa0 probe for VGA.

  - tty_audit: fix tty_audit_add_data live lock on audit     disabled (bnc#721366).

  - drm/i915: suspend fbdev device around suspend/hibernate     (bnc#732908).

  - dlm: Do not allocate a fd for peeloff (bnc#729247).

  - sctp: Export sctp_do_peeloff (bnc#729247).

  - i2c-algo-bit: Fix spurious SCL timeouts under heavy     load.

  - patches.fixes/epoll-dont-limit-non-nested.patch: Don't     limit non-nested epoll paths (bnc#676204).

  - Update patches.suse/sd_init.mark_majors_busy.patch     (bnc#744658).

  - igb: Fix for Alt MAC Address feature on 82580 and later     devices (bnc#746980).

  - mark busy sd majors as allocated (bug#744658).

  - regset: Return -EFAULT, not -EIO, on host-side memory     fault (bnc# 750079 CVE-2012-1097).

  - regset: Prevent NULL pointer reference on readonly     regsets (bnc#750079 CVE-2012-1097).

  - mm: memcg: Correct unregistring of events attached to     the same eventfd (CVE-2012-1146 bnc#750959).

  - befs: Validate length of long symbolic links     (CVE-2011-2928 bnc#713430).

  - si4713-i2c: avoid potential buffer overflow on si4713     (CVE-2011-2700 bnc#707332).

  - staging: comedi: fix infoleak to userspace     (CVE-2011-2909 bnc#711941).

  - hfs: add sanity check for file name length     (CVE-2011-4330 bnc#731673).

  - cifs: fix dentry refcount leak when opening a FIFO on     lookup (CVE-2012-1090 bnc#749569).

  - drm: integer overflow in drm_mode_dirtyfb_ioctl()     (CVE-2012-0044 bnc#740745).

  - xfs: fix acl count validation in xfs_acl_from_disk()     (CVE-2012-0038 bnc#740703).

  - xfs: validate acl count (CVE-2012-0038 bnc#740703).

  -     patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_     readlink: Work around missing xfs_alert().

  - xfs: Fix missing xfs_iunlock() on error recovery path in     xfs_readlink() (CVE-2011-4077 bnc#726600).

  - xfs: Fix possible memory corruption in xfs_readlink     (CVE-2011-4077 bnc#726600).

  - ext4: make ext4_split_extent() handle error correctly.

  - ext4: ext4_ext_convert_to_initialized bug found in     extended FSX testing.

  - ext4: add ext4_split_extent_at() and     ext4_split_extent().

  - ext4: reimplement convert and split_unwritten     (CVE-2011-3638 bnc#726045).

  - patches.fixes/epoll-limit-paths.patch: epoll: limit     paths (bnc#676204 CVE-2011-1083).

  - patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi     change in struct file (bnc#676204 CVE-2011-1083).

  - NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279     bnc#747660).

  - igmp: Avoid zero delay when receiving odd mixture of     IGMP queries (bnc#740448 CVE-2012-0207).

  - jbd2: clear BH_Delay & BH_Unwritten in     journal_unmap_buffer (bnc#745832 CVE-2011-4086).

  - AppArmor: fix oops in apparmor_setprocattr (bnc#717209     CVE-2011-3619).

  - Refresh patches.suse/SoN-22-netvm.patch. Clean and
    *working* patches.

  - Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671)     Fix an rcu locking imbalance in the receive path     triggered when using vlans.

  - Fix mangled patch (invalid date) Although accepted by     `patch`, this is rejected by `git apply`

  - Fix mangled diff lines (leading space tab vs tab)     Although accepted by `patch`, these are rejected by `git     apply`

  - jbd/jbd2: validate sb->s_first in     journal_get_superblock() (bnc#730118).

  - fsnotify: don't BUG in fsnotify_destroy_mark()     (bnc#689860).

  - Fix     patches.fixes/x25-Handle-undersized-fragmented-skbs.patc     h (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-Prevent-skb-overreads-when-checking-ca     ll-user-da.patch (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-Validate-incoming-call-user-data-lengt     hs.patch (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-possible-skb-leak-on-bad-facilities.pa     tch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

  - Update     patches.fixes/econet-4-byte-infoleak-to-the-network.patc     h (bnc#681186 CVE-2011-1173). Fix reference.

  - hwmon: (w83627ehf) Properly report thermal diode     sensors.

  - nl80211: fix overflow in ssid_len (bnc#703410     CVE-2011-2517).

  - nl80211: fix check for valid SSID size in scan     operations (bnc#703410 CVE-2011-2517).

  - x25: Prevent skb overreads when checking call user data     (CVE-2010-3873 bnc#737624).

  - x25: Handle undersized/fragmented skbs (CVE-2010-3873     bnc#737624).

  - x25: Validate incoming call user data lengths     (CVE-2010-3873 bnc#737624).

  - x25: possible skb leak on bad facilities (CVE-2010-3873     bnc#737624).

  - net: Add a flow_cache_flush_deferred function     (bnc#737624).

  - xfrm: avoid possible oopse in xfrm_alloc_dst     (bnc#737624).

  - scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)

Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. (CVE-2010-4250)

An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. (CVE-2010-4650)

A flaw was found in the kernel's Integrity Measurement Architecture (IMA). Changes made by an attacker might not be discovered by IMA, if SELinux was disabled, and a new IMA rule was loaded. (CVE-2011-0006)

A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. (CVE-2011-0716)

Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476)

Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user can exploit this to cause memory corruption, causing a denial of service or privilege escalation. (CVE-2011-1477)

Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)

It was discovered that some import kernel threads can be blocked by a user level process. An unprivileged local user could exploit this flaw to cause a denial of service. (CVE-2011-4621)

A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)

A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. (CVE-2011-0716)

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.
(CVE-2011-3353)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)

A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)

A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)

Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)

The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498)

A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. (CVE-2011-2518)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927)

A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. (CVE-2011-0716)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)

Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)

Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)

Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)

It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.
(CVE-2011-1576)

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)

It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.
(CVE-2011-1585)

It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)

It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)

Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.
(CVE-2011-2213)

It was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.
(CVE-2011-2479)

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)

It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.
(CVE-2011-2492)

Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)

Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)

It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)

Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.
(CVE-2011-2699)

Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)

Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)

The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)

Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)

Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.
(CVE-2011-2942)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)

Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)

Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)

A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)

Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)

A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)

Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)

Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)

A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.
(CVE-2011-3619)

Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)

A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
74801	openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)	Nessus	SuSE Local Security Checks	critical
74658	openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)	Nessus	SuSE Local Security Checks	critical
58289	USN-1394-1 : Linux kernel (OMAP4) vulnerabilities	Nessus	Ubuntu Local Security Checks	high
58268	Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1387-1)	Nessus	Ubuntu Local Security Checks	high
58264	USN-1383-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
58169	Ubuntu 10.10 : linux vulnerabilities (USN-1379-1)	Nessus	Ubuntu Local Security Checks	medium
56768	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)	Nessus	Ubuntu Local Security Checks	critical
55923	Ubuntu 11.04 : linux vulnerabilities (USN-1193-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2011-3619

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

high

high

medium

critical

high