SuSE Local Security Checks : openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1716-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.852611

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1716-1)

Resumen: The remote host is missing an update for the 'Linux Kernel'; package(s) announced via the openSUSE-SU-2019:1716-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'Linux Kernel'
package(s) announced via the openSUSE-SU-2019:1716-1 advisory.

Vulnerability Insight:
The openSUSE Leap 15.0 was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: A device can be tracked by an attacker using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). An attack
may be conducted by hosting a crafted web page that uses WebRTC or gQUIC
to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).

- CVE-2019-10639: The Linux kernel allowed Information Exposure (partial
kernel address disclosure), leading to a KASLR bypass. Specifically, it
is possible to extract the KASLR kernel image offset using the IP ID
values the kernel produces for connection-less protocols (e.g., UDP and
ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter
array) and thereby obtain the hashing key (via enumeration). This key
contains enough bits from a kernel address (of a static variable) so
when the key is extracted (via enumeration), the offset of the kernel
image is exposed. This attack can be carried out remotely, by the
attacker forcing the target device to send UDP or ICMP (or certain
other) traffic to attacker-controlled IP addresses. Forcing a server to
send UDP traffic is trivial if the server is a DNS server. ICMP traffic
is trivial if the server answers ICMP Echo requests (ping). For client
targets, if the target visits the attacker's web page, then WebRTC or
gQUIC can be used to force UDP traffic to attacker-controlled IP
addresses. NOTE: this attack against KASLR became viable in 4.1 because
IP ID generation was changed to have a dependency on an address
associated with a network namespace (bnc#1140577).

- CVE-2018-20836: There was a race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a
use-after-free (bnc#1134395).

- CVE-2019-10126: A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
corruption and possibly other consequences (bnc#1136935).

- CVE-2019-11599: The coredump implementation in the Linux kernel did not
use locking or other mechanisms to prevent vma layout or vma flags
changes while it runs, which allowed local users to obtain sensitive
information, cause a denial of service, or pos ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'the' package(s) on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-16871
Common Vulnerability Exposure (CVE) ID: CVE-2018-20836
Common Vulnerability Exposure (CVE) ID: CVE-2019-10126
Common Vulnerability Exposure (CVE) ID: CVE-2019-10638
Common Vulnerability Exposure (CVE) ID: CVE-2019-10639
Common Vulnerability Exposure (CVE) ID: CVE-2019-11599
Common Vulnerability Exposure (CVE) ID: CVE-2019-12614

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.852611
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1716-1)
Resumen:	The remote host is missing an update for the 'Linux Kernel'; package(s) announced via the openSUSE-SU-2019:1716-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1716-1 advisory. Vulnerability Insight: The openSUSE Leap 15.0 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or pos ... Description truncated. Please see the references for more information. Affected Software/OS: 'the' package(s) on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16871 Common Vulnerability Exposure (CVE) ID: CVE-2018-20836 Common Vulnerability Exposure (CVE) ID: CVE-2019-10126 Common Vulnerability Exposure (CVE) ID: CVE-2019-10638 Common Vulnerability Exposure (CVE) ID: CVE-2019-10639 Common Vulnerability Exposure (CVE) ID: CVE-2019-11599 Common Vulnerability Exposure (CVE) ID: CVE-2019-12614
Copyright	Copyright (C) 2019 Greenbone Networks GmbH