Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31007
HistoryAug 18, 2014 - 12:00 a.m.

[USN-2318-1] Linux kernel vulnerabilities

2014-08-1800:00:00
vulners.com
26
JSON

==========================================================================
Ubuntu Security Notice USN-2318-1
August 18, 2014

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:

  • linux: Linux kernel

Details:

Eric W. Biederman discovered a flaw with the mediation of mount flags in
the Linux kernel's user namespace subsystem. An unprivileged user could
exploit this flaw to by-pass mount restrictions, and potentially gain
administrative privileges. (CVE-2014-5207)

Kenton Varda discovered a flaw with read-only bind mounds when used with
user namespaces. An unprivileged local user could exploit this flaw to gain
full write privileges to a mount that should be read only. (CVE-2014-5206)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-34-generic 3.13.0-34.60
linux-image-3.13.0-34-generic-lpae 3.13.0-34.60
linux-image-3.13.0-34-lowlatency 3.13.0-34.60
linux-image-3.13.0-34-powerpc-e500 3.13.0-34.60
linux-image-3.13.0-34-powerpc-e500mc 3.13.0-34.60
linux-image-3.13.0-34-powerpc-smp 3.13.0-34.60
linux-image-3.13.0-34-powerpc64-emb 3.13.0-34.60
linux-image-3.13.0-34-powerpc64-smp 3.13.0-34.60

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2318-1
CVE-2014-5206, CVE-2014-5207

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-34.60

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

openvas 10
nessus 11
ubuntu 2
amazon 1
ubuntucve 2
securityvulns 2
prion 2
packetstorm 1
exploitpack 1
seebug 1
zdt 1
debiancve 2
cve 2
exploitdb 1
suse 1
fedora 2
lenovo 1
openvas
openvas
Ubuntu Update for linux USN-2318-1
2014-08-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-417)
2015-09-08 00:00:00
Ubuntu Update for linux-lts-trusty USN-2317-1
2014-08-19 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2318-1)
2014-08-18 00:00:00
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2317-1)
2014-08-18 00:00:00
Fedora 19 : kernel-3.14.17-100.fc19 (2014-9449)
2014-08-20 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-08-18 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2014-08-18 00:00:00
amazon
amazon
Medium: kernel
2014-09-18 21:04:00
ubuntucve
ubuntucve
CVE-2014-5207
2014-08-13 00:00:00
CVE-2014-5206
2014-08-13 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2014-08-18 00:00:00
[ MDVSA-2014:201 ] kernel
2014-10-27 00:00:00
prion
prion
Command injection
2014-08-18 11:15:00
Design/Logic Flaw
2014-08-18 11:15:00
packetstorm
packetstorm
Linux Kernel 3.16.1 FUSE Privilege Escalation
2014-10-08 00:00:00
exploitpack
exploitpack
Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation
2014-10-09 00:00:00
seebug
seebug
Linux Kernel remount FUSE Exploit
2014-10-10 00:00:00
zdt
zdt
Linux Kernel 3.16.1 FUSE Privilege Escalation Exploit
2014-10-09 00:00:00
debiancve
debiancve
CVE-2014-5207
2014-08-18 11:15:00
CVE-2014-5206
2014-08-18 11:15:00
cve
cve
CVE-2014-5206
2014-08-18 11:15:00
CVE-2014-5207
2014-08-18 11:15:00
exploitdb
exploitdb
Linux Kernel < 3.16.1 - 'Remount FUSE' Local Privilege Escalation
2014-10-09 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2014-12-21 13:04:41
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.15.10-200.fc20
2014-08-16 22:30:46
[SECURITY] Fedora 19 Update: kernel-3.14.17-100.fc19
2014-08-19 07:09:03
lenovo
lenovo
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
2020-04-13 19:22:04
JSON
Related for SECURITYVULNS:DOC:31007
openvas10nessus11ubuntu2amazon1ubuntucve2securityvulns2prion2packetstorm1exploitpack1seebug1zdt1debiancve2cve2exploitdb1suse1fedora2lenovo1