English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.2.2019.1303
Kategorie:Huawei EulerOS Local Security Checks
Titel:Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1303)
Zusammenfassung:The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1303 advisory.
Beschreibung:Summary:
The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1303 advisory.

Vulnerability Insight:
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.(CVE-2019-5489)

It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.(CVE-2016-10741)

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.(CVE-2018-17972)

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.(CVE-2018-16862)

A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-18559)

A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.(CVE-2018-19824)


A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.(CVE-2018-10879)

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10883)

Affected Software/OS:
'kernel' package(s) on Huawei EulerOS V2.0SP3.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-5489
BugTraq ID: 106478
http://www.securityfocus.com/bid/106478
Bugtraq: 20190618 [SECURITY] [DSA 4465-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Jun/26
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
https://security.netapp.com/advisory/ntap-20190307-0001/
Debian Security Information: DSA-4465 (Google Search)
https://www.debian.org/security/2019/dsa-4465
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
https://arxiv.org/abs/1901.01161
https://bugzilla.suse.com/show_bug.cgi?id=1120843
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:2473
https://access.redhat.com/errata/RHSA-2019:2473
RedHat Security Advisories: RHSA-2019:2808
https://access.redhat.com/errata/RHSA-2019:2808
RedHat Security Advisories: RHSA-2019:2809
https://access.redhat.com/errata/RHSA-2019:2809
RedHat Security Advisories: RHSA-2019:2837
https://access.redhat.com/errata/RHSA-2019:2837
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
RedHat Security Advisories: RHSA-2019:4056
https://access.redhat.com/errata/RHSA-2019:4056
RedHat Security Advisories: RHSA-2019:4057
https://access.redhat.com/errata/RHSA-2019:4057
RedHat Security Advisories: RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2019:4058
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
RedHat Security Advisories: RHSA-2019:4164
https://access.redhat.com/errata/RHSA-2019:4164
RedHat Security Advisories: RHSA-2019:4255
https://access.redhat.com/errata/RHSA-2019:4255
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:1479 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
SuSE Security Announcement: openSUSE-SU-2019:1570 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
SuSE Security Announcement: openSUSE-SU-2019:1579 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.