Ubuntu 12.04 LTS : linux vulnerabilities (USN-2356-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Jack Morgenstein reported a flaw in the page handling of the KVM
(Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS
user could exploit this flaw to cause a denial of service (host OS
memory corruption) or possibly have other unspecified impact on the
host OS. (CVE-2014-3601)

Chris Evans reported an flaw in the Linux kernel's handling of iso9660
(compact disk filesystem) images. An attacker who can mount a custom
iso9660 image either via a CD/DVD drive or a loopback mount could
cause a denial of service (system crash or reboot). (CVE-2014-5471)

Chris Evans reported an flaw in the Linux kernel's handling of iso9660
(compact disk filesystem) images. An attacker who can mount a custom
iso9660 image, with a self-referential CL entry, either via a CD/DVD
drive or a loopback mount could cause a denial of service (unkillable
mount process). (CVE-2014-5472).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:H/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 77819 ()

Bugtraq ID: 69396
69428
69489

CVE ID: CVE-2014-3601
CVE-2014-5471
CVE-2014-5472

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now