Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0098)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0098

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0098)

Zusammenfassung: The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0098 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0098 advisory.

Vulnerability Insight:
This kernel-tmb update is based on upstream 4.4.59 and fixes at least
the following security issue:

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux
kernel through 4.10.6 does not validate certain size data after an
XFRM_MSG_NEWAE update, which allows local users to obtain root privileges
or cause a denial of service (heap-based out-of-bounds access) by
leveraging the CAP_NET_ADMIN capability (CVE-2017-7184).

For other upstream fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel-tmb' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-7184
BugTraq ID: 97018
http://www.securityfocus.com/bid/97018
http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition
https://blog.trendmicro.com/results-pwn2own-2017-day-one/
https://twitter.com/thezdi/status/842126074435665920
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
http://www.securitytracker.com/id/1038166

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0098
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0098)
Zusammenfassung:	The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0098 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0098 advisory. Vulnerability Insight: This kernel-tmb update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (CVE-2017-7184). For other upstream fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel-tmb' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7184 BugTraq ID: 97018 http://www.securityfocus.com/bid/97018 http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition https://blog.trendmicro.com/results-pwn2own-2017-day-one/ https://twitter.com/thezdi/status/842126074435665920 RedHat Security Advisories: RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918 RedHat Security Advisories: RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930 RedHat Security Advisories: RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931 RedHat Security Advisories: RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159 http://www.securitytracker.com/id/1038166
Copyright	Copyright (C) 2022 Greenbone AG