Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.1303
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1303)
Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1303 advisory.
Description:

Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1303 advisory.

Vulnerability Insight:

A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. (CVE-2019-5489)

It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service. (CVE-2016-10741)

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. (CVE-2018-17972)

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. (CVE-2018-16862)

A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-18559)

A flaw was found in the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system. (CVE-2018-19824)

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (CVE-2018-10879)

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10883)

Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP3.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-references:

Common Vulnerability Exposure (CVE) ID: CVE-2019-5489
BugTraq ID: 106478 http://www.securityfocus.com/bid/106478
Bugtraq: 20190618 [SECURITY] [DSA 4465-1] linux security update https://seclists.org/bugtraq/2019/Jun/26
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
https://security.netapp.com/advisory/ntap-20190307-0001/
Debian Security Information: DSA-4465 https://www.debian.org/security/2019/dsa-4465
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
https://arxiv.org/abs/1901.01161
https://bugzilla.suse.com/show_bug.cgi?id=1120843
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473
RedHat Security Advisories: RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808
RedHat Security Advisories: RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809
RedHat Security Advisories: RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837
RedHat Security Advisories: RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967
RedHat Security Advisories: RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056
RedHat Security Advisories: RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057
RedHat Security Advisories: RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058
RedHat Security Advisories: RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159
RedHat Security Advisories: RHSA-2019:4164 https://access.redhat.com/errata/RHSA-2019:4164
RedHat Security Advisories: RHSA-2019:4255 https://access.redhat.com/errata/RHSA-2019:4255
RedHat Security Advisories: RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:1479 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
SuSE Security Announcement: openSUSE-SU-2019:1570 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
SuSE Security Announcement: openSUSE-SU-2019:1579 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
Copyright: Copyright (C) 2020 Greenbone Networks GmbH