
Test ID: 1.3.6.1.4.1.25623.1.0.853260
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for the (openSUSE-SU-2020:0935-1)
Summary: The remote host is missing an update for the 'the' package(s) announced via the openSUSE-SU-2020:0935-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'the'
package(s) announced via the openSUSE-SU-2020:0935-1 advisory.

Vulnerability Insight:
The openSUSE Leap 15.2 kernel was updated to receive various security and
bug fixes.

The following security bugs were fixed:

- CVE-2019-19462: relay_open in kernel/relay.c allowed local users to
cause a denial of service (such as relay blockage) by triggering a NULL
alloc_percpu result (bnc#1158265).

- CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c
did not call snd_card_free for a failure path, which causes a memory
leak, aka CID-9453264ef586 (bnc#1172458).

- CVE-2019-20812: The prb_calc_retire_blk_tmo() function in
net/packet/af_packet.c can result in a denial of service (CPU
consumption and soft lockup) in a certain failure case involving
TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453).

- CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux
kernel's SELinux subsystem. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol's category bitmap into
the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine.
While processing the CIPSO restricted bitmap tag in the
'cipso_v4_parsetag_rbm' routine, it sets the security attribute to
indicate that the category bitmap is present, even if it has not been
allocated. This issue leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This flaw allowed a
remote network user to crash the system kernel, resulting in a denial of
service (bnc#1171191).

- CVE-2020-10732: A flaw was found in the implementation of Userspace core
dumps. This flaw allowed an attacker with a local account to crash a
trivial program and exfiltrate private kernel data (bnc#1171220).

- CVE-2020-10751: The SELinux LSM hook implementation before version 5.7
incorrectly assumed that an skb would only contain a single
netlink message. The hook would incorrectly only validate the first
netlink message in the skb and allow or deny the rest of the messages
within the skb with the granted permission without further processing
(bnc#1171189).

- CVE-2020-10766: Fixed rogue cross-process SSBD shutdown. A logical bug
in the Linux scheduler allowed an attacker to turn off the SSBD
protection (bnc#1172781).

- CVE-2020-10767: Fixed that Indirect Branch Prediction Barrier is
force-disabled when STIBP is unavailable or enhanced IBRS is available.
(bnc#1172782).

- CVE-2020-10768: Fixed that indirect branch speculation can be enabled
after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command
(bnc#1172783).

- CVE-2020-10773: Fixed a kernel stack information leak on s390/s390x.
(bnc#11729 ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'the' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2019-19462
Common Vulnerability Exposure (CVE) ID: CVE-2019-20810
Common Vulnerability Exposure (CVE) ID: CVE-2019-20812
Common Vulnerability Exposure (CVE) ID: CVE-2020-10711
Common Vulnerability Exposure (CVE) ID: CVE-2020-10732
Common Vulnerability Exposure (CVE) ID: CVE-2020-10751
Common Vulnerability Exposure (CVE) ID: CVE-2020-10766
Common Vulnerability Exposure (CVE) ID: CVE-2020-10767
Common Vulnerability Exposure (CVE) ID: CVE-2020-10768
Common Vulnerability Exposure (CVE) ID: CVE-2020-10773
Common Vulnerability Exposure (CVE) ID: CVE-2020-12656
Common Vulnerability Exposure (CVE) ID: CVE-2020-12769
Common Vulnerability Exposure (CVE) ID: CVE-2020-12888
Common Vulnerability Exposure (CVE) ID: CVE-2020-13143
Common Vulnerability Exposure (CVE) ID: CVE-2020-13974
Common Vulnerability Exposure (CVE) ID: CVE-2020-14416
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
