Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2018.1296
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1296)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2018-1296 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2018-1296 advisory. Vulnerability Insight: A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781) ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566) Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7566 BugTraq ID: 103605 http://www.securityfocus.com/bid/103605 https://bugzilla.redhat.com/show_bug.cgi?id=1550142 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Debian Security Information: DSA-4187 (Google Search) https://www.debian.org/security/2018/dsa-4187 Debian Security Information: DSA-4188 (Google Search) https://www.debian.org/security/2018/dsa-4188 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html RedHat Security Advisories: RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384 RedHat Security Advisories: RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390 RedHat Security Advisories: RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395 RedHat Security Advisories: RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 RedHat Security Advisories: RHSA-2019:1483 https://access.redhat.com/errata/RHSA-2019:1483 RedHat Security Advisories: RHSA-2019:1487 https://access.redhat.com/errata/RHSA-2019:1487 SuSE Security Announcement: SUSE-SU-2018:0834 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html https://usn.ubuntu.com/3631-1/ https://usn.ubuntu.com/3631-2/ https://usn.ubuntu.com/3798-1/ https://usn.ubuntu.com/3798-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8781 https://patchwork.freedesktop.org/patch/211845/ https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/ RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 https://usn.ubuntu.com/3654-1/ https://usn.ubuntu.com/3654-2/ https://usn.ubuntu.com/3656-1/ https://usn.ubuntu.com/3674-1/ https://usn.ubuntu.com/3674-2/ https://usn.ubuntu.com/3677-1/ https://usn.ubuntu.com/3677-2/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.