Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2019.1304 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1304) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1304 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1304 advisory. Vulnerability Insight: An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168) Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.(CVE-2018-9422) A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190) A flaw was found in the Linux kernel ext4 filesystem. An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877) A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133) A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.(CVE-2018-19985) A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3460) A flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3459) A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16884) Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-9422 https://bugzilla.suse.com/show_bug.cgi?id=1102001&_ga=2.244341506.661832603.1561012452-1774095668.1553066022 https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2019-3459 https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ https://marc.info/?l=oss-security&m=154721580222522&w=2 http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 RedHat Security Advisories: RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309 RedHat Security Advisories: RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517 RedHat Security Advisories: RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740 Common Vulnerability Exposure (CVE) ID: CVE-2019-3460 https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6133 BugTraq ID: 106537 http://www.securityfocus.com/bid/106537 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html RedHat Security Advisories: RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0230 RedHat Security Advisories: RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0420 RedHat Security Advisories: RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:0832 RedHat Security Advisories: RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2699 RedHat Security Advisories: RHSA-2019:2978 https://access.redhat.com/errata/RHSA-2019:2978 SuSE Security Announcement: openSUSE-SU-2019:1914 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html https://usn.ubuntu.com/3901-1/ https://usn.ubuntu.com/3901-2/ https://usn.ubuntu.com/3903-1/ https://usn.ubuntu.com/3903-2/ https://usn.ubuntu.com/3908-1/ https://usn.ubuntu.com/3908-2/ https://usn.ubuntu.com/3910-1/ https://usn.ubuntu.com/3910-2/ https://usn.ubuntu.com/3934-1/ https://usn.ubuntu.com/3934-2/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |