Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2419-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual
Machine) subsystem handles the CR4 control register at VM entry on
Intel processors. A local host OS user can exploit this to cause a
denial of service (kill arbitrary processes, or system disruption) by
leveraging /dev/kvm access. (CVE-2014-3690)

Don Bailey discovered a flaw in the LZO decompress algorithm used by
the Linux kernel. An attacker could exploit this flaw to cause a
denial of service (memory corruption or OOPS). (CVE-2014-4608)

Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could
exploit this flaw to cause a denial of service (mount-tree loop).
(CVE-2014-7970)

Andy Lutomirski discovered that the Linux kernel was not checking the
CAP_SYS_ADMIN when remounting filesystems to read-only. A local user
could exploit this flaw to cause a denial of service (loss of
writability). (CVE-2014-7975).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-3.13-generic and / or
linux-image-3.13-generic-lpae packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 79434 ()

Bugtraq ID: 68214
70314
70319
70691

CVE ID: CVE-2014-3690
CVE-2014-4608
CVE-2014-7970
CVE-2014-7975

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now