ID de Prueba:	1.3.6.1.4.1.25623.1.0.843461
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux USN-3583-1
Resumen:	The remote host is missing an update for the 'linux'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) James Patrick-Evans discovered a race condition in the LEGO USB Infrared Tower driver in the Linux kernel. A physically proximate attacker could use this to cause ... Description truncated, for more information please check the Reference URL Affected Software/OS: linux on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-0750 BugTraq ID: 100215 http://www.securityfocus.com/bid/100215 https://bugzilla.novell.com/show_bug.cgi?id=1053160 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html https://security-tracker.debian.org/tracker/CVE-2017-0750 https://usn.ubuntu.com/3583-1/ https://usn.ubuntu.com/3583-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-0861 BugTraq ID: 102329 http://www.securityfocus.com/bid/102329 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security-tracker.debian.org/tracker/CVE-2017-0861 https://source.android.com/security/bulletin/pixel/2017-11-01 Debian Security Information: DSA-4187 (Google Search) https://www.debian.org/security/2018/dsa-4187 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html RedHat Security Advisories: RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390 RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 RedHat Security Advisories: RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036 https://usn.ubuntu.com/3617-1/ https://usn.ubuntu.com/3617-2/ https://usn.ubuntu.com/3617-3/ https://usn.ubuntu.com/3619-1/ https://usn.ubuntu.com/3619-2/ https://usn.ubuntu.com/3632-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5669 BugTraq ID: 96754 http://www.securityfocus.com/bid/96754 Debian Security Information: DSA-3804 (Google Search) http://www.debian.org/security/2017/dsa-3804 https://bugzilla.kernel.org/show_bug.cgi?id=192931 https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8 https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 http://www.securitytracker.com/id/1037918 Common Vulnerability Exposure (CVE) ID: CVE-2017-7542 BugTraq ID: 99953 http://www.securityfocus.com/bid/99953 Debian Security Information: DSA-3927 (Google Search) http://www.debian.org/security/2017/dsa-3927 Debian Security Information: DSA-3945 (Google Search) http://www.debian.org/security/2017/dsa-3945 RedHat Security Advisories: RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918 RedHat Security Advisories: RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930 RedHat Security Advisories: RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931 RedHat Security Advisories: RHSA-2018:0169 https://access.redhat.com/errata/RHSA-2018:0169 Common Vulnerability Exposure (CVE) ID: CVE-2017-7889 BugTraq ID: 97690 http://www.securityfocus.com/bid/97690 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 http://www.openwall.com/lists/oss-security/2017/04/16/4 https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94 RedHat Security Advisories: RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842 RedHat Security Advisories: RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077 RedHat Security Advisories: RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669 RedHat Security Advisories: RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854 Common Vulnerability Exposure (CVE) ID: CVE-2017-8824 BugTraq ID: 102056 http://www.securityfocus.com/bid/102056 Debian Security Information: DSA-4073 (Google Search) https://www.debian.org/security/2017/dsa-4073 Debian Security Information: DSA-4082 (Google Search) https://www.debian.org/security/2018/dsa-4082 https://www.exploit-db.com/exploits/43234/ http://lists.openwall.net/netdev/2017/12/04/224 http://www.openwall.com/lists/oss-security/2017/12/05/1 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html RedHat Security Advisories: RHSA-2018:0399 https://access.redhat.com/errata/RHSA-2018:0399 RedHat Security Advisories: RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:0676 RedHat Security Advisories: RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1062 RedHat Security Advisories: RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1130 RedHat Security Advisories: RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1170 RedHat Security Advisories: RHSA-2018:1216 https://access.redhat.com/errata/RHSA-2018:1216 RedHat Security Advisories: RHSA-2018:1319 https://access.redhat.com/errata/RHSA-2018:1319 RedHat Security Advisories: RHSA-2018:3822 https://access.redhat.com/errata/RHSA-2018:3822 SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html https://usn.ubuntu.com/3581-1/ https://usn.ubuntu.com/3581-2/ https://usn.ubuntu.com/3581-3/ https://usn.ubuntu.com/3582-1/ https://usn.ubuntu.com/3582-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5333 BugTraq ID: 102510 http://www.securityfocus.com/bid/102510 http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html RedHat Security Advisories: RHSA-2018:0470 https://access.redhat.com/errata/RHSA-2018:0470 Common Vulnerability Exposure (CVE) ID: CVE-2018-5344 BugTraq ID: 102503 http://www.securityfocus.com/bid/102503 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 RedHat Security Advisories: RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 Common Vulnerability Exposure (CVE) ID: CVE-2017-5754 BugTraq ID: 102378 http://www.securityfocus.com/bid/102378 BugTraq ID: 106128 http://www.securityfocus.com/bid/106128 CERT/CC vulnerability note: VU#180049 https://www.kb.cert.org/vuls/id/180049 CERT/CC vulnerability note: VU#584653 http://www.kb.cert.org/vuls/id/584653 Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel Debian Security Information: DSA-4078 (Google Search) https://www.debian.org/security/2018/dsa-4078 Debian Security Information: DSA-4120 (Google Search) https://www.debian.org/security/2018/dsa-4120 FreeBSD Security Advisory: FreeBSD-SA-18:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc https://security.gentoo.org/glsa/201810-06 https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://meltdownattack.com/ https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html RedHat Security Advisories: RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292 http://www.securitytracker.com/id/1040071 SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html https://usn.ubuntu.com/usn/usn-3516-1/ https://usn.ubuntu.com/usn/usn-3522-2/ https://usn.ubuntu.com/3522-3/ https://usn.ubuntu.com/3522-4/ https://usn.ubuntu.com/3523-1/ https://usn.ubuntu.com/usn/usn-3523-2/ https://usn.ubuntu.com/usn/usn-3524-2/ https://usn.ubuntu.com/usn/usn-3525-1/ https://usn.ubuntu.com/3540-2/ https://usn.ubuntu.com/3541-2/ https://usn.ubuntu.com/3597-1/ https://usn.ubuntu.com/3597-2/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.