http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626

HPSBGN02970

RHSA-2012:0743

USN-1529-1

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

[oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition

https://bugzilla.redhat.com/show_bug.cgi?id=822821

https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626

The remote OracleVM system is missing necessary patches to address critical security updates :

  - Fix bug number for commit 'cciss: Update HPSA_BOUNDARY'     (Joe Jin) [Orabug: 14681166]

  - cciss: Update HPSA_BOUNDARY. (Joe Jin) [Orabug:
    14319765]

  - KVM: introduce kvm_for_each_memslot macro (Maxim Uvarov)     [Bugdb: 13966]

  - dl2k: Clean up rio_ioctl (Jeff Mahoney) [Orabug:
    14126896] (CVE-2012-2313)

  - NFSv4: include bitmap in nfsv4 get acl data (Andy     Adamson) (CVE-2011-4131)

  - KVM: Fix buffer overflow in kvm_set_irq (Avi Kivity)     [Bugdb: 13966] (CVE-2012-2137)

  - net: sock: validate data_len before allocating skb in     sock_alloc_send_pskb (Jason Wang) [Bugdb: 13966]     (CVE-2012-2136)

  - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs     pmd_populate SMP race condition (Andrea Arcangeli)     [Bugdb: 13966] (CVE-2012-2373)

  - KVM: lock slots_lock around device assignment (Alex     Williamson) [Bugdb: 13966] (CVE-2012-2121)

  - KVM: unmap pages from the iommu when slots are removed     (Maxim Uvarov) [Bugdb: 13966] (CVE-2012-2121)

  - fcaps: clear the same personality flags as suid when     fcaps are used (Eric Paris) [Bugdb: 13966]     (CVE-2012-2123)

  - tilegx: enable SYSCALL_WRAPPERS support (Chris Metcalf)     (CVE-2009-0029)

  - drm/i915: fix integer overflow in i915_gem_do_execbuffer     (Xi Wang) [Orabug: 14107456] (CVE-2012-2384)

  - drm/i915: fix integer overflow in i915_gem_execbuffer2     (Xi Wang) [Orabug: 14107445] (CVE-2012-2383)

  - [dm] do not forward ioctls from logical volumes to the     underlying device (Joe Jin) (CVE-2011-4127)

  - [block] fail SCSI passthrough ioctls on partition     devices (Joe Jin) (CVE-2011-4127)

  - [block] add and use scsi_blk_cmd_ioctl (Joe Jin)     [Orabug: 14056755] (CVE-2011-4127)

  - KVM: Ensure all vcpus are consistent with in-kernel     irqchip settings (Avi Kivity) [Bugdb: 13871]     (CVE-2012-1601)

  - regset: Return -EFAULT, not -EIO, on host-side memory     fault (H. Peter Anvin) (CVE-2012-1097)

  - regset: Prevent null pointer reference on readonly     regsets (H. Peter Anvin) (CVE-2012-1097)

  - cifs: fix dentry refcount leak when opening a FIFO on     lookup (Jeff Layton) (CVE-2012-1090)

  - mm: thp: fix pmd_bad triggering in code paths holding     mmap_sem read mode (Andrea Arcangeli) (CVE-2012-1179)

  - ext4: fix undefined behavior in ext4_fill_flex_info (Xi     Wang) (CVE-2009-4307)

  - ocfs2: clear unaligned io flag when dio fails (Junxiao     Bi) [Orabug: 14063941]

  - aio: make kiocb->private NUll in init_sync_kiocb     (Junxiao Bi) [Orabug: 14063941]

  - igb: Fix for Alt MAC Address feature on 82580 and later     devices (Carolyn Wyborny) [Orabug: 14258706]

  - igb: Alternate MAC Address Updates for Func2&3 (Akeem G.
    Abodunrin) [Orabug: 14258706]

  - igb: Alternate MAC Address EEPROM Updates (Akeem G.
    Abodunrin) [Orabug: 14258706]

  - cciss: only enable cciss_allow_hpsa when for ol5 (Joe     Jin) [Orabug: 14106006]

  - Revert 'cciss: remove controllers supported by hpsa'     (Joe Jin) [Orabug: 14106006]

  - [scsi] hpsa: add all support devices for ol5 (Joe Jin)     [Orabug: 14106006]

  - Disable VLAN 0 tagging for none VLAN traffic (Adnan     Misherfi) [Orabug: 14406424]

  - x86: Add Xen kexec control code size check to linker     script (Daniel Kiper)

  - drivers/xen: Export vmcoreinfo through sysfs (Daniel     Kiper)

  - x86/xen/enlighten: Add init and crash kexec/kdump hooks     (Maxim Uvarov)

  - x86/xen: Add kexec/kdump makefile rules (Daniel Kiper)

  - x86/xen: Add x86_64 kexec/kdump implementation (Daniel     Kiper)

  - x86/xen: Add placeholder for i386 kexec/kdump     implementation (Daniel Kiper)

  - x86/xen: Register resources required by kexec-tools     (Daniel Kiper)

  - x86/xen: Introduce architecture dependent data for     kexec/kdump (Daniel Kiper)

  - xen: Introduce architecture independent data for     kexec/kdump (Daniel Kiper)

  - x86/kexec: Add extra pointers to transition page table     PGD, PUD, PMD and PTE (Daniel Kiper)

  - kexec: introduce kexec_ops struct (Daniel Kiper)

  - SPEC: replace DEFAULTKERNEL from kernel-ovs to     kernel-uek

This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes.

Following issues were fixed :

  - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663).

  - net: sock: validate data_len before allocating skb in     sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

  - thp: avoid atomic64_read in pmd_read_atomic for 32bit     PAE (bnc#762991).

  - be2net: non-member vlan pkts not received in promiscous     mode (bnc#732006 CVE-2011-3347).

  - fcaps: clear the same personality flags as suid when     fcaps are used (bnc#758260 CVE-2012-2123).

  - macvtap: zerocopy: validate vectors before building skb     (bnc#758243 CVE-2012-2119).

  - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb     is built successfully (bnc#758243 CVE-2012-2119).

  - macvtap: zerocopy: put page when fail to get all     requested user pages (bnc#758243 CVE-2012-2119).

  - macvtap: zerocopy: fix offset calculation when building     skb (bnc#758243 CVE-2012-2119).

  - Avoid reading past buffer when calling GETACL     (bnc#762992).

  - Avoid beyond bounds copy while caching ACL (bnc#762992).

  - Fix length of buffer copied in __nfs4_get_acl_uncached     (bnc#762992).

  - hfsplus: Fix potential buffer overflows (bnc#760902     CVE-2009-4020).

  - usb/net: rndis: merge command codes. only net/hyperv     part

  - usb/net: rndis: remove ambiguous status codes. only     net/hyperv part

  - usb/net: rndis: break out <linux/rndis.h> defines. only     net/hyperv part

  - net/hyperv: Add flow control based on hi/low watermark.

  - hv: fix return type of hv_post_message().

  - Drivers: hv: util: Properly handle version negotiations.

  - Drivers: hv: Get rid of an unnecessary check in     vmbus_prep_negotiate_resp().

  - HID: hyperv: Set the hid drvdata correctly.

  - HID: hid-hyperv: Do not use hid_parse_report() directly.

  - [SCSI] storvsc: Properly handle errors from the host     (bnc#747404).

  - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch.

  - patches.suse/suse-hv-pata_piix-ignore-disks.patch     replace our version of this patch with upstream variant:
    ata_piix: defer disks to the Hyper-V drivers by default     libata: add a host flag to ignore detected ATA devices.

  - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs     pmd_populate SMP race condition (bnc#762991     CVE-2012-2373).

  - xfrm: take net hdr len into account for esp payload size     calculation (bnc#759545).

  - net/hyperv: Adding cancellation to ensure rndis filter     is closed.

  - xfs: Fix oops on IO error during     xlog_recover_process_iunlinks() (bnc#761681).

  - thp: reduce khugepaged freezing latency (bnc#760860).

  - igb: fix rtnl race in PM resume path (bnc#748859).

  - ixgbe: add missing rtnl_lock in PM resume path     (bnc#748859).

  - cdc_ether: Ignore bogus union descriptor for RNDIS     devices (bnc#735362). Taking the fix from net-next

  - Fix kABI breakage due to including proc_fs.h in     kernel/fork.c modversion changed because of changes in     struct proc_dir_entry (became defined) Refresh     patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-for     k-failure.

  - Disabled MMC_TEST (bnc#760077).

  - Input: ALPS - add semi-MT support for v3 protocol     (bnc#716996).

  - Input: ALPS - add support for protocol versions 3 and 4     (bnc#716996).

  - Input: ALPS - remove assumptions about packet size     (bnc#716996).

  - Input: ALPS - add protocol version field in     alps_model_info (bnc#716996).

  - Input: ALPS - move protocol information to Documentation     (bnc#716996).

  - sysctl/defaults: kernel.hung_task_timeout ->     kernel.hung_task_timeout_secs (bnc#700174)

  - btrfs: partial revert of truncation improvements     (FATE#306586 bnc#748463 bnc#760279).

  - libata: skip old error history when counting probe     trials.

  - procfs, namespace, pid_ns: fix leakage upon fork()     failure (bnc#757783).

  - cdc-wdm: fix race leading leading to memory corruption     (bnc#759554). This patch fixes a race whereby a pointer     to a buffer would be overwritten while the buffer was in     use leading to a double free and a memory leak. This     causes crashes. This bug was introduced in 2.6.34

  - netfront: delay gARP until backend switches to     Connected.

  - xenbus: Reject replies with payload >     XENSTORE_PAYLOAD_MAX.

  - xenbus: check availability of XS_RESET_WATCHES command.

  - xenbus_dev: add missing error checks to watch handling.

  - drivers/xen/: use strlcpy() instead of strncpy().

  - blkfront: properly fail packet requests (bnc#745929).

  - Linux 3.1.10.

  - Update Xen config files.

  - Refresh other Xen patches.

  - tlan: add cast needed for proper 64 bit operation     (bnc#756840).

  - dl2k: Tighten ioctl permissions (bnc#758813).

  - mqueue: fix a vfsmount longterm reference leak     (bnc#757783).

  - cciss: Add IRQF_SHARED back in for the non-MSI(X)     interrupt handler (bnc#757789).

  - procfs: fix a vfsmount longterm reference leak     (bnc#757783).

  - uwb: fix error handling (bnc#731720). This fixes a     kernel error on unplugging an uwb dongle

  - uwb: fix use of del_timer_sync() in interrupt     (bnc#731720). This fixes a kernel warning on plugging in     an uwb dongle

  - acer-wmi: Detect communication hot key number.

  - acer-wmi: replaced the hard coded bitmap by the     communication devices bitmap from SMBIOS.

  - acer-wmi: add ACER_WMID_v2 interface flag to represent     new notebooks.

  - acer-wmi: No wifi rfkill on Sony machines.

  - acer-wmi: No wifi rfkill on Lenovo machines.

  - [media] cx22702: Fix signal strength.

  - fs: cachefiles: Add support for large files in     filesystem caching (bnc#747038).

  - Drivers: scsi: storvsc: Account for in-transit packets     in the RESET path.

  - CPU hotplug, cpusets, suspend: Don't touch cpusets     during suspend/resume (bnc#752460).

  - net: fix a potential rcu_read_lock() imbalance in     rt6_fill_node() (bnc#754186, bnc#736268).

  - This commit fixes suspend to ram breakage reported in     bnc#764864. Remove dud patch. The problem it addressed     is being respun upstream, is in tip, but not yet     mainlined. See bnc#752460 for details regarding the     problem the now removed patch fixed while breaking S2R.
    Delete     patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-     or-resume.patch.

  - Remove dud patch. The problem it addressed is being     respun upstream, is in tip, but not yet mainlined.
    Delete     patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-     or-resume.patch.

  - fix VM_FOREIGN users after c/s 878:eba6fe6d8d53     (bnc#760974).

  - gntdev: fix multi-page slot allocation (bnc#760974).

  - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs     pmd_populateSMP race condition (bnc#762991     CVE-2012-2373).

  - thp: avoid atomic64_read in pmd_read_atomic for 32bit     PAE (bnc#762991).

  - sym53c8xx: Fix NULL pointer dereference in slave_destroy     (bnc#767786).

  - sky2: fix regression on Yukon Optima (bnc#731537).

Description of changes:

* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.

If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes.


* CVE-2012-2121: Memory leak in KVM device assignment.

KVM uses memory slots to track and map guest regions of memory.  When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu.  The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu.


* Memory corruption in KVM device assignment slot handling.

A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption.


* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.

The length of packet fragments to be sent wasn't validated before use, leading to heap overflow. A user having access to TUN/TAP virtual device could use this flaw to crash the system or to potentially escalate their privileges.


* CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.

A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges.


* CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service.

CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem.

In some cases, the hugepage subsystem would allocate new PMDs when not expected by the memory management subsystem. A privileged user in the KVM guest can use this flaw to crash the host, an unprivileged local user could use this flaw to crash the system.

CVE-2012-2373: Denial of service in PAE page tables.

On a PAE system, a non-atomic load could be corrupted by a page fault resulting in a kernel crash, triggerable by an unprivileged user.


* Regression in handling of bind() with AF_UNSPEC family sockets.

Legacy applications used to bind() with AF_UNSPEC instead of AF_INET. Allow them to continue doing so, but verify that the address is indeed INADDR_ANY.


[2.6.39-100.10.1.el6uek]
- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (Andrea Arcangeli)    [Orabug: 14217003]

[2.6.39-100.9.1.el6uek]
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race    condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373}
- mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode    (Andrea Arcangeli)  {CVE-2012-1179}
- KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966]    {CVE-2012-2137}
- net: sock: validate data_len before allocating skb in sock_alloc_send_pskb()    (Jason Wang) [Bugdb: 13966] {CVE-2012-2136}
- KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb:
   13966] {CVE-2012-2121}
- KVM: unmap pages from the iommu when slots are removed (Alex Williamson)    [Bugdb: 13966] {CVE-2012-2121}
- KVM: introduce kvm_for_each_memslot macro (Xiao Guangrong) [Bugdb: 13966]
- fcaps: clear the same personality flags as suid when fcaps are used (Eric    Paris) [Bugdb: 13966] {CVE-2012-2123}

[2.6.39-100.8.1.el6uek]
- net: ipv4: relax AF_INET check in bind() (Eric Dumazet) [Orabug: 14054411]

Description of changes:

* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.

If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes.


* CVE-2012-2121: Memory leak in KVM device assignment.

KVM uses memory slots to track and map guest regions of memory.  When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu.  The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu.


* Memory corruption in KVM device assignment slot handling.

A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption.


* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.

The length of packet fragments to be sent wasn't validated before use, leading to heap overflow. A user having access to TUN/TAP virtual device could use this flaw to crash the system or to potentially escalate their privileges.


* CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.

A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges.


* CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service.

CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem.

In some cases, the hugepage subsystem would allocate new PMDs when not expected by the memory management subsystem. A privileged user in the KVM guest can use this flaw to crash the host, an unprivileged local user could use this flaw to crash the system.

CVE-2012-2373: Denial of service in PAE page tables.

On a PAE system, a non-atomic load could be corrupted by a page fault resulting in a kernel crash, triggerable by an unprivileged user.


* Regression in handling of bind() with AF_UNSPEC family sockets.

Legacy applications used to bind() with AF_UNSPEC instead of AF_INET. Allow them to continue doing so, but verify that the address is indeed INADDR_ANY.

kernel-uek:

[2.6.32-300.27.1.el6uek]
- net: sock: validate data_len before allocating skb (Jason Wang) [Bugdb: 13966]{CVE-2012-2136}
- fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123}
- Revert 'nfs: when attempting to open a directory, fall back on normal lookup (Todd Vierling) [Orabug 14141154]

[2.6.32-300.26.1.el6uek]
- mptsas: do not call __mptsas_probe in kthread (Maxim Uvarov) [Orabug:
   14175509]
- mm: check if any page in a pageblock is reserved before marking it    MIGRATE_RESERVE (Maxim Uvarov) [Orabug: 14073214]
- mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman)    [Orabug: 14073214]
- vmxnet3: Updated to el6-u2 (Guangyu Sun) [Orabug: 14027961]
- xen: expose host uuid via sysfs. (Zhigang Wang)
- sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug:
   13946210]
- sched: Fix cgroup movement of newly created process (Daisuke Nishimura)    [Orabug: 13946210]
- sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug:
   13946210]
- x86, boot: Wait for boot cpu to show up if nr_cpus limit is about to hit    (Zhenzhong Duan) [Orabug: 13629087]
- smp: Use nr_cpus= to set nr_cpu_ids early (Zhenzhong Duan) [Orabug: 13629087]
- net: ipv4: relax AF_INET check in bind() (Maxim Uvarov) [Orabug: 14054411]

ofa-2.6.32-300.27.1.el6uek:

[1.5.1-4.0.58]
- Add Patch 158-169

From Red Hat Security Advisory 2012:0743 :

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important)

* A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important)

* When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities.
(CVE-2012-2123, Important)

* It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important)

* A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

* A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate)

* A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service.
(CVE-2012-2373, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues.

The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here.

The following security issues have been fixed :

  - Local attackers could trigger an overflow in     sock_alloc_send_pksb(), potentially crashing the machine     or escalate privileges. (CVE-2012-2136)

  - A memory leak in transparent hugepages on mmap failure     could be used by local attacker to run the machine out     of memory (local denial of service). (CVE-2012-2390)

  - A malicious guest driver could overflow the host stack     by passing a long descriptor, so potentially crashing     the host system or escalating privileges on the host.
    (CVE-2012-2119)

  - Malicious NFS server could crash the clients when more     than 2 GETATTR bitmap words are returned in response to     the FATTR4_ACL attribute requests, only incompletely     fixed by CVE-2011-4131. (CVE-2012-2375)

The following non-security bugs have been fixed :

Hyper-V :

  - storvsc: Properly handle errors from the host.
    (bnc#747404)

  - HID: hid-hyperv: Do not use hid_parse_report() directly.

  - HID: hyperv: Set the hid drvdata correctly.

  - drivers/hv: Get rid of an unnecessary check in     vmbus_prep_negotiate_resp().

  - drivers/hv: util: Properly handle version negotiations.

  - hv: fix return type of hv_post_message().

  - net/hyperv: Add flow control based on hi/low watermark.

  - usb/net: rndis: break out <1/rndis.h> defines. only     net/hyperv part

  - usb/net: rndis: remove ambiguous status codes. only     net/hyperv part

  - usb/net: rndis: merge command codes. only net/hyperv     part

  - net/hyperv: Adding cancellation to ensure rndis filter     is closed.

  - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon :

  - drivers: hv: kvp: Add/cleanup connector defines.

  - drivers: hv: kvp: Move the contents of hv_kvp.h to     hyperv.h.

  - net/hyperv: Convert camel cased variables in     rndis_filter.c to lower cases.

  - net/hyperv: Correct the assignment in     netvsc_recv_callback().

  - net/hyperv: Remove the unnecessary memset in     rndis_filter_send().

  - drivers: hv: Cleanup the kvp related state in hyperv.h.

  - tools: hv: Use hyperv.h to get the KVP definitions.

  - drivers: hv: kvp: Cleanup the kernel/user protocol.

  - drivers: hv: Increase the number of VCPUs supported in     the guest.

  - net/hyperv: Fix data corruption in     rndis_filter_receive().

  - net/hyperv: Add support for vlan trunking from guests.

  - Drivers: hv: Add new message types to enhance KVP.

  - Drivers: hv: Support the newly introduced KVP messages     in the driver.

  - Tools: hv: Fully support the new KVP verbs in the user     level daemon.

  - Tools: hv: Support enumeration from all the pools.

  - net/hyperv: Fix the code handling tx busy.

  - patches.suse/suse-hv-pata_piix-ignore-disks.patch     replace our version of this patch with upstream variant:
    ata_piix: defer disks to the Hyper-V drivers by default     libata: add a host flag to ignore detected ATA devices.

Btrfs :

  - btrfs: more module message prefixes.

  - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and     rename them

  - btrfs: flush all the dirty pages if     try_to_writeback_inodes_sb_nr() fails

  - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and     rename them

  - btrfs: fix locking in btrfs_destroy_delayed_refs

  - btrfs: wake up transaction waiters when aborting a     transaction

  - btrfs: abort the transaction if the commit fails

  - btrfs: fix btrfs_destroy_marked_extents

  - btrfs: unlock everything properly in the error case for     nocow

  - btrfs: fix return code in drop_objectid_items

  - btrfs: check to see if the inode is in the log before     fsyncing

  - btrfs: pass locked_page into     extent_clear_unlock_delalloc if theres an error

  - btrfs: check the return code of btrfs_save_ino_cache

  - btrfs: do not update atime for RO snapshots     (FATE#306586).

  - btrfs: convert the inode bit field to use the actual bit     operations

  - btrfs: fix deadlock when the process of delayed refs     fails

  - btrfs: stop defrag the files automatically when doin     readonly remount or umount

  - btrfs: avoid memory leak of extent state in error     handling routine

  - btrfs: make sure that we have made everything in pinned     tree clean

  - btrfs: destroy the items of the delayed inodes in error     handling routine

  - btrfs: ulist realloc bugfix

  - btrfs: bugfix in btrfs_find_parent_nodes

  - btrfs: bugfix: ignore the wrong key for indirect tree     block backrefs

  - btrfs: avoid buffer overrun in btrfs_printk

  - btrfs: fall back to non-inline if we do not have enough     space

  - btrfs: NUL-terminate path buffer in DEV_INFO ioctl     result

  - btrfs: avoid buffer overrun in mount option handling

  - btrfs: do not do balance in readonly mode

  - btrfs: fix the same inode id problem when doing auto     defragment

  - btrfs: fix wrong error returned by adding a device

  - btrfs: use fastpath in extent state ops as much as     possible Misc :

  - tcp: drop SYN+FIN messages. (bnc#765102)

  - mm: avoid swapping out with swappiness==0 (swappiness).

  - thp: avoid atomic64_read in pmd_read_atomic for 32bit     PAE. (bnc#762991)

  - paravirt: Split paravirt MMU ops (bnc#556135,     bnc#754690, FATE#306453).

  - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU

  - parvirt: Stub support KABI for KVM_MMU (bnc#556135,     bnc#754690, FATE#306453).

  - tmpfs: implement NUMA node interleaving. (bnc#764209)

  - synaptics-hp-clickpad: Fix the detection of LED on the     recent HP laptops. (bnc#765524)

  - supported.conf: mark xt_AUDIT as supported. (bnc#765253)

  - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs     pmd_populate SMP race condition. (bnc#762991 /     CVE-2012-2373)

  - xhci: Do not free endpoints in xhci_mem_cleanup().
    (bnc#763307)

  - xhci: Fix invalid loop check in xhci_free_tt_info().
    (bnc#763307)

  - drm: Skip too big EDID extensions. (bnc#764900)

  - drm/i915: Add HP EliteBook to LVDS-temporary-disable     list. (bnc#763717)

  - hwmon: (fam15h_power) Increase output resolution.
    (bnc#759336)

  - hwmon: (k10temp) Add support for AMD Trinity CPUs.
    (bnc#759336)

  - rpm/kernel-binary.spec.in: Own the right -kdump initrd.
    (bnc#764500)

  - memcg: prevent from OOM with too many dirty pages.

  - dasd: re-prioritize partition detection message     (bnc#764091,LTC#81617).

  - kernel: pfault task state race (bnc#764091,LTC#81724).

  - kernel: clear page table for sw large page emulation     (bnc#764091,LTC#81933).

  - USB: fix bug of device descriptor got from superspeed     device. (bnc#761087)

  - xfrm: take net hdr len into account for esp payload size     calculation. (bnc#759545)

  - st: clean up dev cleanup in st_probe. (bnc#760806)

  - st: clean up device file creation and removal.
    (bnc#760806)

  - st: get rid of scsi_tapes array. (bnc#760806)

  - st: raise device limit. (bnc#760806)

  - st: Use static class attributes. (bnc#760806)

  - mm: Optimize put_mems_allowed() usage (VM performance).

  - cifs: fix oops while traversing open file list (try #4).
    (bnc#756050)

  - scsi: Fix dm-multipath starvation when scsi host is     busy. (bnc#763485)

  - dasd: process all requests in the device tasklet.
    (bnc#763267)

  - rt2x00:Add RT539b chipset support. (bnc#760237)

  - kabi/severities: Ignore changes in     drivers/net/wireless/rt2x00, these are just exports used     among the rt2x00 modules.

  - rt2800: radio 3xxx: reprogram only lower bits of RF_R3.
    (bnc#759805)

  - rt2800: radio 3xxx: program RF_R1 during channel switch.
    (bnc#759805)

  - rt2800: radio 3xxxx: channel switch RX/TX calibration     fixes. (bnc#759805)

  - rt2x00: Avoid unnecessary uncached. (bnc#759805)

  - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805)

  - rt2x00: Add WCID to crypto struct. (bnc#759805)

  - rt2x00: Add WCID to HT TX descriptor. (bnc#759805)

  - rt2x00: Move bssidx calculation into its own function.
    (bnc#759805)

  - rt2x00: Make use of sta_add/remove callbacks in rt2800.
    (bnc#759805)

  - rt2x00: Forbid aggregation for STAs not programmed into     the hw. (bnc#759805)

  - rt2x00: handle spurious pci interrupts. (bnc#759805)

  - rt2800: disable DMA after firmware load.

  - rt2800: radio 3xxx: add channel switch calibration     routines. (bnc#759805)

  - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now     in the tree.

  - floppy: remove floppy-specific O_EXCL handling.
    (bnc#757315)

  - floppy: convert to delayed work and single-thread wq.
    (bnc#761245)

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136)

Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373)

An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). (CVE-2012-2390)

A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)

Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)

A flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136)

Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373)

A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)

Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119)

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136)

A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137)

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372)

Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373)

Dan Rosenberg discovered flaws in the Linux kernel's NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code. (CVE-2012-3364)

A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)

Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)

A flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119)

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136)

A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137)

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372)

Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373)

Dan Rosenberg discovered flaws in the Linux kernel's NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code. (CVE-2012-3364)

A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)

Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  - A local, unprivileged user could use an integer overflow     flaw in drm_mode_dirtyfb_ioctl() to cause a denial of     service or escalate their privileges. (CVE-2012-0044,     Important)

  - A buffer overflow flaw was found in the macvtap device     driver, used for creating a bridged network between the     guest and the host in KVM (Kernel-based Virtual Machine)     environments. A privileged guest user in a KVM guest     could use this flaw to crash the host. Note: This issue     only affected hosts that have the vhost_net module     loaded with the experimental_zcopytx module option     enabled (it is not enabled by default), and that also     have macvtap configured for at least one guest.
    (CVE-2012-2119, Important)

  - When a set user ID (setuid) application is executed,     certain personality flags for controlling the     application's behavior are cleared (that is, a     privileged application will not be affected by those     flags). It was found that those flags were not cleared     if the application was made privileged via file system     capabilities. A local, unprivileged user could use this     flaw to change the behavior of such applications,     allowing them to bypass intended restrictions. Note that     for default installations, no application shipped by us     for Scientific Linux is made privileged via file system     capabilities. (CVE-2012-2123, Important)

  - It was found that the data_len parameter of the     sock_alloc_send_pskb() function in the Linux kernel's     networking implementation was not validated before use.
    A privileged guest user in a KVM guest could use this     flaw to crash the host or, possibly, escalate their     privileges on the host. (CVE-2012-2136, Important)

  - A buffer overflow flaw was found in the     setup_routing_entry() function in the KVM subsystem of     the Linux kernel in the way the Message Signaled     Interrupts (MSI) routing entry was handled. A local,     unprivileged user could use this flaw to cause a denial     of service or, possibly, escalate their privileges.
    (CVE-2012-2137, Important)

  - A race condition was found in the Linux kernel's memory     management subsystem in the way pmd_none_or_clear_bad(),     when called with mmap_sem in read mode, and Transparent     Huge Pages (THP) page faults interacted. A privileged     user in a KVM guest with the ballooning functionality     enabled could potentially use this flaw to crash the     host. A local, unprivileged user could use this flaw to     crash the system. (CVE-2012-1179, Moderate)

  - A flaw was found in the way device memory was handled     during guest device removal. Upon successful device     removal, memory used by the device was not properly     unmapped from the corresponding IOMMU or properly     released from the kernel, leading to a memory leak. A     malicious user on a KVM host who has the ability to     assign a device to a guest could use this flaw to crash     the host. (CVE-2012-2121, Moderate)

  - A flaw was found in the Linux kernel's Reliable Datagram     Sockets (RDS) protocol implementation. A local,     unprivileged user could use this flaw to cause a denial     of service. (CVE-2012-2372, Moderate)

  - A race condition was found in the Linux kernel's memory     management subsystem in the way pmd_populate() and     pte_offset_map_lock() interacted on 32-bit x86 systems     with more than 4GB of RAM. A local, unprivileged user     could use this flaw to cause a denial of service.
    (CVE-2012-2373, Moderate)

This update also fixes several bugs.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Update to Linux 2.6.43.8 (3.3.8).

Disabled 32bit NX emulation. Suspected of being broken and it deviates from upstream.

Unless there are further security issues, this will likely be the last F15 kernel update before End-of-Life. The 3.3.7 stable kernel contains a number of important bug fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important)

* A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important)

* When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities.
(CVE-2012-2123, Important)

* It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important)

* A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

* A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate)

* A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service.
(CVE-2012-2373, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

Linux v3.3.8

Fixes for CVE-2012-2390 and CVE-2012-2372. Disabled 32bit NX emulation which is suspected of being broken and aligns us more with upstream.

Final 3.3.x update before rebasing to the 3.4 kernel series.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 3.4 kernel contains a large number of bug fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
79484	OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)	Nessus	OracleVM Local Security Checks	high
74661	openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)	Nessus	SuSE Local Security Checks	high
68676	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2021)	Nessus	Oracle Linux Local Security Checks	high
68675	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020)	Nessus	Oracle Linux Local Security Checks	high
68544	Oracle Linux 6 : kernel (ELSA-2012-0743)	Nessus	Oracle Linux Local Security Checks	high
64176	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)	Nessus	SuSE Local Security Checks	high
64175	SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)	Nessus	SuSE Local Security Checks	high
61549	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1539-1)	Nessus	Ubuntu Local Security Checks	high
61511	Ubuntu 11.10 : linux vulnerabilities (USN-1533-1)	Nessus	Ubuntu Local Security Checks	high
61510	USN-1532-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61507	Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1)	Nessus	Ubuntu Local Security Checks	high
61506	USN-1514-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61331	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618)	Nessus	Scientific Linux Local Security Checks	high
59661	Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931)	Nessus	Fedora Local Security Checks	medium
59609	CentOS 6 : kernel (CESA-2012:0743)	Nessus	CentOS Local Security Checks	high
59562	RHEL 6 : kernel (RHSA-2012:0743)	Nessus	Red Hat Local Security Checks	high
59487	Fedora 16 : kernel-3.3.8-1.fc16 (2012-8890)	Nessus	Fedora Local Security Checks	medium
59390	Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824)	Nessus	Fedora Local Security Checks	medium

CVE-2012-2373

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

high

high

medium

medium