Test ID: 1.3.6.1.4.1.25623.1.0.852928
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1571-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1571-1 advisory.
Description:

Vulnerability Insight:
The openSUSE Leap 15.1 kernel was updated to receive various security and
bug fixes.

The following security bugs were fixed:

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).

- CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker may
have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. (bsc#1137586)

- CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may be able to
further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption due
to low mss values. (bsc#1137586)

- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a
fixed_mdio_bus_init use-after-free. This will cause a denial of service
(bnc#1138291).

- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller did not check for
this, it will trigger a NULL pointer dereference. This will cause denial
of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).

- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have unspecified other
impact by changing the value of ioc_number between two kernel reads of
that value, aka a 'double fetch' vulnerability. (bnc#1136922)

- CVE-2019-12380: An issue was discovered in the efi subsystem in the
Linux kernel: phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory allocation failures
(bnc#1136598).

- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network (bnc#1136424).

- CVE-2019-10124: An attacker could exploit an issue in the hwpoison
implementation to cause a denial of service (BUG). (bsc#1130699)

- CVE-2019-12382: In drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c there was an unchecked kstrdup of fwstr, which
might allow an attacke ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'Linux Kernel' package(s) on openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-3846
Bugtraq: 20190618 [SECURITY] [DSA 4465-1] linux security update
https://seclists.org/bugtraq/2019/Jun/26
Bugtraq: 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
https://seclists.org/bugtraq/2019/Jul/33
Debian Security Information: DSA-4465
https://www.debian.org/security/2019/dsa-4465
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://seclists.org/oss-sec/2019/q2/133
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
RedHat Security Advisories: RHSA-2019:2703
https://access.redhat.com/errata/RHSA-2019:2703
RedHat Security Advisories: RHSA-2019:2741
https://access.redhat.com/errata/RHSA-2019:2741
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2020:0174
https://access.redhat.com/errata/RHSA-2020:0174
SuSE Security Announcement: openSUSE-SU-2019:1570
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
SuSE Security Announcement: openSUSE-SU-2019:1571
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
SuSE Security Announcement: openSUSE-SU-2019:1579
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
https://usn.ubuntu.com/4093-1/
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4095-2/
https://usn.ubuntu.com/4117-1/
https://usn.ubuntu.com/4118-1/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
