Test ID: 1.3.6.1.4.1.25623.1.0.843500
Category: Ubuntu Local Security Checks
Title: Ubuntu Update for linux-raspi2 USN-3617-3
Summary: The remote host is missing an update for the 'linux-raspi2' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'linux-raspi2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994)

It was discovered that the netfilter component of the Linux kernel did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448)

It was discovered that the netfilter passive O ...

Description truncated, for more information please check the Reference URL

Affected Software/OS:
linux-raspi2 on Ubuntu 17.10

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-0861
BugTraq ID: 102329
http://www.securityfocus.com/bid/102329
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://security-tracker.debian.org/tracker/CVE-2017-0861
https://source.android.com/security/bulletin/pixel/2017-11-01
Debian Security Information: DSA-4187
https://www.debian.org/security/2018/dsa-4187
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2020:0036
https://access.redhat.com/errata/RHSA-2020:0036
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3632-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5332
BugTraq ID: 102507
http://www.securityfocus.com/bid/102507
RedHat Security Advisories: RHSA-2018:0470
https://access.redhat.com/errata/RHSA-2018:0470
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5333
BugTraq ID: 102510
http://www.securityfocus.com/bid/102510
http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-5344
BugTraq ID: 102503
http://www.securityfocus.com/bid/102503
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
