Debian Local Security Checks : Debian LTS: Security Advisory for linux (DLA-2713-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.892713

Categoría: Debian Local Security Checks

Título: Debian LTS: Security Advisory for linux (DLA-2713-1)

Resumen: The remote host is missing an update for the 'linux'; package(s) announced via the DLA-2713-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the DLA-2713-1 advisory.

Vulnerability Insight:
CVE-2021-3609

Norbert Slusarek reported a race condition vulnerability in the CAN
BCM networking protocol, allowing a local attacker to escalate
privileges.

CVE-2021-21781

'Lilith >_>' of Cisco Talos discovered that the Arm initialisation
code does not fully initialise the 'sigpage' that is mapped into
user-space processes to support signal handling. This could
result in leaking sensitive information, particularly when the
system is rebooted.

CVE-2021-33909

The Qualys Research Labs discovered a size_t-to-int conversion
vulnerability in the Linux kernel's filesystem layer. An
unprivileged local attacker able to create, mount, and then delete a
deep directory structure whose total path length exceeds 1GB, can
take advantage of this flaw for privilege escalation.

Details can be found in the Qualys advisory at
[link moved to references]

CVE-2021-34693

Norbert Slusarek discovered an information leak in the CAN BCM
networking protocol. A local attacker can take advantage of this
flaw to obtain sensitive information from kernel stack memory.

Affected Software/OS:
'linux' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
4.9.272-2.

We recommend that you upgrade your linux packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-3609

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.892713
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for linux (DLA-2713-1)
Resumen:	The remote host is missing an update for the 'linux'; package(s) announced via the DLA-2713-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the DLA-2713-1 advisory. Vulnerability Insight: CVE-2021-3609 Norbert Slusarek reported a race condition vulnerability in the CAN BCM networking protocol, allowing a local attacker to escalate privileges. CVE-2021-21781 'Lilith >_>' of Cisco Talos discovered that the Arm initialisation code does not fully initialise the 'sigpage' that is mapped into user-space processes to support signal handling. This could result in leaking sensitive information, particularly when the system is rebooted. CVE-2021-33909 The Qualys Research Labs discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer. An unprivileged local attacker able to create, mount, and then delete a deep directory structure whose total path length exceeds 1GB, can take advantage of this flaw for privilege escalation. Details can be found in the Qualys advisory at [link moved to references] CVE-2021-34693 Norbert Slusarek discovered an information leak in the CAN BCM networking protocol. A local attacker can take advantage of this flaw to obtain sensitive information from kernel stack memory. Affected Software/OS: 'linux' package(s) on Debian Linux. Solution: For Debian 9 stretch, these problems have been fixed in version 4.9.272-2. We recommend that you upgrade your linux packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3609
Copyright	Copyright (C) 2021 Greenbone Networks GmbH