Ubuntu Local Security Checks : Ubuntu Update for linux-gcp USN-3468-3

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.843356

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for linux-gcp USN-3468-3

Resumen: The remote host is missing an update for the 'linux-gcp'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'linux-gcp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that the KVM subsystem in
the Linux kernel did not properly bound guest IRQs. A local attacker in a guest
VM could use this to cause a denial of service (host system crash).
(CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs)
implementation in the Linux kernel did not properly validate superblock
metadata. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard
discovered that the Xen virtual block driver did not properly initialize some
data structures before passing them to user space. A local attacker in a guest
VM could use this to expose sensitive information from the host OS or other
guest VMs. (CVE-2017-10911) It was discovered that a use-after-free
vulnerability existed in the POSIX message queue implementation in the Linux
kernel. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner
discovered that the XFS filesystem did not enforce that the realtime inode flag
was settable only on filesystems on a realtime device. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-14340)

Affected Software/OS:
linux-gcp on Ubuntu 16.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-1000252
Common Vulnerability Exposure (CVE) ID: CVE-2017-10663
Common Vulnerability Exposure (CVE) ID: CVE-2017-10911
Common Vulnerability Exposure (CVE) ID: CVE-2017-11176
Common Vulnerability Exposure (CVE) ID: CVE-2017-14340

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.843356
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux-gcp USN-3468-3
Resumen:	The remote host is missing an update for the 'linux-gcp'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux-gcp' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) Affected Software/OS: linux-gcp on Ubuntu 16.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000252 Common Vulnerability Exposure (CVE) ID: CVE-2017-10663 Common Vulnerability Exposure (CVE) ID: CVE-2017-10911 Common Vulnerability Exposure (CVE) ID: CVE-2017-11176 Common Vulnerability Exposure (CVE) ID: CVE-2017-14340
Copyright	Copyright (C) 2017 Greenbone Networks GmbH