ID de Prueba:	1.3.6.1.4.1.25623.1.0.842810
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux-lts-wily USN-3017-3
Resumen:	The remote host is missing an update for the 'linux-lts-wily'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux-lts-wily' package(s) announced via the referenced advisory. Vulnerability Insight: USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Affected Software/OS: linux-lts-wily on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4997 BugTraq ID: 91451 http://www.securityfocus.com/bid/91451 Debian Security Information: DSA-3607 (Google Search) http://www.debian.org/security/2016/dsa-3607 https://www.exploit-db.com/exploits/40435/ https://www.exploit-db.com/exploits/40489/ https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt http://www.openwall.com/lists/oss-security/2016/06/24/5 http://www.openwall.com/lists/oss-security/2016/09/29/10 RedHat Security Advisories: RHSA-2016:1847 http://rhn.redhat.com/errata/RHSA-2016-1847.html RedHat Security Advisories: RHSA-2016:1875 http://rhn.redhat.com/errata/RHSA-2016-1875.html RedHat Security Advisories: RHSA-2016:1883 http://rhn.redhat.com/errata/RHSA-2016-1883.html http://www.securitytracker.com/id/1036171 SuSE Security Announcement: SUSE-SU-2016:1709 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html SuSE Security Announcement: SUSE-SU-2016:1710 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html SuSE Security Announcement: SUSE-SU-2016:1985 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html SuSE Security Announcement: SUSE-SU-2016:2018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html SuSE Security Announcement: SUSE-SU-2016:2174 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html SuSE Security Announcement: SUSE-SU-2016:2177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html SuSE Security Announcement: SUSE-SU-2016:2178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html SuSE Security Announcement: SUSE-SU-2016:2179 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html SuSE Security Announcement: SUSE-SU-2016:2180 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html SuSE Security Announcement: SUSE-SU-2016:2181 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://www.ubuntu.com/usn/USN-3016-1 http://www.ubuntu.com/usn/USN-3016-2 http://www.ubuntu.com/usn/USN-3016-3 http://www.ubuntu.com/usn/USN-3016-4 http://www.ubuntu.com/usn/USN-3017-1 http://www.ubuntu.com/usn/USN-3017-2 http://www.ubuntu.com/usn/USN-3017-3 http://www.ubuntu.com/usn/USN-3018-1 http://www.ubuntu.com/usn/USN-3018-2 http://www.ubuntu.com/usn/USN-3019-1 http://www.ubuntu.com/usn/USN-3020-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4482 BugTraq ID: 90029 http://www.securityfocus.com/bid/90029 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html http://www.openwall.com/lists/oss-security/2016/05/04/2 SuSE Security Announcement: SUSE-SU-2016:1672 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1690 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SuSE Security Announcement: SUSE-SU-2016:1696 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1641 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://www.ubuntu.com/usn/USN-3021-1 http://www.ubuntu.com/usn/USN-3021-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4569 BugTraq ID: 90347 http://www.securityfocus.com/bid/90347 http://www.openwall.com/lists/oss-security/2016/05/09/17 RedHat Security Advisories: RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RedHat Security Advisories: RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4578 BugTraq ID: 90535 http://www.securityfocus.com/bid/90535 https://www.exploit-db.com/exploits/46529/ http://www.openwall.com/lists/oss-security/2016/05/11/5 Common Vulnerability Exposure (CVE) ID: CVE-2016-4580 BugTraq ID: 90528 http://www.securityfocus.com/bid/90528 http://www.openwall.com/lists/oss-security/2016/05/10/12 Common Vulnerability Exposure (CVE) ID: CVE-2016-4913 BugTraq ID: 90730 http://www.securityfocus.com/bid/90730 http://www.openwall.com/lists/oss-security/2016/05/18/3 http://www.openwall.com/lists/oss-security/2016/05/18/5 RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 Common Vulnerability Exposure (CVE) ID: CVE-2016-4951 http://lists.openwall.net/netdev/2016/05/14/28 http://www.openwall.com/lists/oss-security/2016/05/21/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4998 RedHat Security Advisories: RHSA-2017:0036 http://rhn.redhat.com/errata/RHSA-2017-0036.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.