Test Kennung:	1.3.6.1.4.1.25623.1.0.852855
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2181-1)
Zusammenfassung:	The remote host is missing an update for the 'Linux Kernel'; package(s) announced via the openSUSE-SU-2019:2181-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:2181-1 advisory. Vulnerability Insight: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516 bnc#1146512 bnc#1146514) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378 1146543). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint ... Description truncated. Please see the references for more information. Affected Software/OS: 'the' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9456 https://source.android.com/security/bulletin/pixel/2019-09-01 SuSE Security Announcement: openSUSE-SU-2019:2173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html SuSE Security Announcement: openSUSE-SU-2019:2181 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.