Summary
Check the version of the
Solution
Please Install the Updated Packages.
Insight
The openSUSE 12.3 kernel was updated to fix security issues:
This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015.
CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code.
CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace.
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
CVE-2014-8884: Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run.
CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets.
CVE-2014-3185: ...
Description truncated, for more information please check the Reference URL
Affected
the on openSUSE 12.3
Detection
Get the installed version with the help of
detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities