Test ID: | 1.3.6.1.4.1.25623.1.0.891099 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for linux (DLA-1099-1) |
Summary: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2017-7482
Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.

CVE-2017-7542
An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.

CVE-2017-7889
Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code.

Description truncated. Please see the references for more information.

For Debian 7 'Wheezy', these problems have been fixed in version 3.2.93-1. This version also includes bug fixes from upstream versions up to and including 3.2.93.

For Debian 8 'Jessie', these problems have been fixed in version 3.16.43-2+deb8u4 or were fixed in an earlier version. |
Description: |
Affected Software/OS: linux on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version 3.2.93-1. This version also includes bug fixes from upstream versions up to and including 3.2.93.
For Debian 8 'Jessie', these problems have been fixed in version 3.16.43-2+deb8u4 or were fixed in an earlier version.
For Debian 9 'Stretch', these problems have been fixed in version 4.9.30-2+deb9u4 or were fixed in an earlier version.
We recommend that you upgrade your linux packages.

CVSS Score: 7.7
CVSS Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7482
  BugTraq ID: 99299
  http://www.securityfocus.com/bid/99299
  Debian Security Information: DSA-3927
  https://www.debian.org/security/2017/dsa-3927
  Debian Security Information: DSA-3945
  https://www.debian.org/security/2017/dsa-3945
  http://seclists.org/oss-sec/2017/q2/602
  RedHat Security Advisories: RHSA-2019:0641
  https://access.redhat.com/errata/RHSA-2019:0641
  http://www.securitytracker.com/id/1038787

Common Vulnerability Exposure (CVE) ID: CVE-2017-7542
  BugTraq ID: 99953
  http://www.securityfocus.com/bid/99953
  http://www.debian.org/security/2017/dsa-3927
  http://www.debian.org/security/2017/dsa-3945
  RedHat Security Advisories: RHSA-2017:2918
  https://access.redhat.com/errata/RHSA-2017:2918
  RedHat Security Advisories: RHSA-2017:2930
  https://access.redhat.com/errata/RHSA-2017:2930
  RedHat Security Advisories: RHSA-2017:2931
  https://access.redhat.com/errata/RHSA-2017:2931
  RedHat Security Advisories: RHSA-2018:0169
  https://access.redhat.com/errata/RHSA-2018:0169
  https://usn.ubuntu.com/3583-1/
  https://usn.ubuntu.com/3583-2/

Common Vulnerability Exposure (CVE) ID: CVE-2017-7889
  BugTraq ID: 97690
  http://www.securityfocus.com/bid/97690
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94
  http://www.openwall.com/lists/oss-security/2017/04/16/4
  https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94
  RedHat Security Advisories: RHSA-2017:1842
  https://access.redhat.com/errata/RHSA-2017:1842
  RedHat Security Advisories: RHSA-2017:2077
  https://access.redhat.com/errata/RHSA-2017:2077
  RedHat Security Advisories: RHSA-2017:2669
  https://access.redhat.com/errata/RHSA-2017:2669
  RedHat Security Advisories: RHSA-2018:1854
  https://access.redhat.com/errata/RHSA-2018:1854 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |