Test ID: | 1.3.6.1.4.1.25623.1.0.852361 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1085-1) |
Summary: | The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1085-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1085-1 advisory.

Vulnerability Insight: The openSUSE Leap 42.3 kernel was updated to 4.4.176 to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179).

The following non-security bugs were fixed:
- ax25: fix possible use-after-free (bnc#1012382).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
- block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
- bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
- bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
- ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
- ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770).
- Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
- drm: Fix error handling in drm_legacy_addctx (bsc#1106929)
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929)
- drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929)
- drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929)
- drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
- enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
- enic: do not overwrite error code (bnc#1012382).
- fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929)
- ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- Input: mms114 - fix license module information (bsc#1087092).
- iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
- iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
- iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm ...

Description truncated. Please see the references for more information.

Affected Software/OS: 'the' package(s) on openSUSE Leap 42.3.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-2024
- https://source.android.com/security/bulletin/2019-03-01
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/

Common Vulnerability Exposure (CVE) ID: CVE-2019-9213
- BugTraq ID: 107296 http://www.securityfocus.com/bid/107296
- https://www.exploit-db.com/exploits/46502/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
- https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831
- RedHat Security Advisories: RHSA-2019:1479 https://access.redhat.com/errata/RHSA-2019:1479
- RedHat Security Advisories: RHSA-2019:1480 https://access.redhat.com/errata/RHSA-2019:1480
- SuSE Security Announcement: openSUSE-SU-2019:1085 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html
- SuSE Security Announcement: openSUSE-SU-2019:1193 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3933-1/
- https://usn.ubuntu.com/3933-2/ |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |