English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2017.0388
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2017-0388)
Zusammenfassung:The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0388 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0388 advisory.

Vulnerability Insight:
This kernel-tmb update is based on upstream 4.4.92 and fixes at least the
following security issues:

A security flaw was discovered in nl80211_set_rekey_data() function in the
Linux kernel since v3.1-rc1 through v4.13. This function does not check
whether the required attributes are present in a netlink request. This
request can be issued by a user with CAP_NET_ADMIN privilege and may result
in NULL dereference and a system crash (CVE-2017-12153).

Linux kernel built with the KVM visualization support (CONFIG_KVM), with
nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a
crash due to disabled external interrupts. As L2 guest could acce s (r/w)
hardware CR8 register of the host(L0). In a nested visualization setup,
L2 guest user could use this flaw to potentially crash the host(L0)
resulting in DoS (CVE-2017-12154).

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before
4.12 allows local users to cause a denial of service (__tcp_select_window
divide-by-zero error and system crash) by triggering a disconnect within a
certain tcp_recvmsg code path (CVE-2017-14106).

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the
Linux kernel through 4.12.10 does not initialize a certain data structure,
which allows local users to obtain sensitive information from kernel stack
memory by reading locations associated with padding bytes (CVE-2017-14156).

It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in
the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to
cause a denial of service (a system panic) by making a number of certain
syscalls by leveraging incorrect length validation in the kernel code
(CVE-2017-14489).

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4
allows local users to obtain sensitive information from uninitialized kernel
heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0
(CVE-2017-14991).

A reachable assertion failure flaw was found in the Linux kernel built with
KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature
(CONFIG_VFIO) enabled. This failure could occur if a malicious guest device
sent a virtual interrupt (guest IRQ) with a larger (>1024) index value
(CVE-2017-1000252).

For other upstream fixes in this update, read the referenced changelogs.

Affected Software/OS:
'kernel-tmb' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-1000252
BugTraq ID: 101022
http://www.securityfocus.com/bid/101022
Debian Security Information: DSA-3981 (Google Search)
http://www.debian.org/security/2017/dsa-3981
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
RedHat Security Advisories: RHSA-2018:1130
https://access.redhat.com/errata/RHSA-2018:1130
Common Vulnerability Exposure (CVE) ID: CVE-2017-12153
100855
http://www.securityfocus.com/bid/100855
DSA-3981
USN-3583-1
https://usn.ubuntu.com/3583-1/
USN-3583-2
https://usn.ubuntu.com/3583-2/
http://seclists.org/oss-sec/2017/q3/437
https://bugzilla.novell.com/show_bug.cgi?id=1058410
https://bugzilla.redhat.com/show_bug.cgi?id=1491046
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888
https://marc.info/?t=150525503100001&r=1&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2017-12154
100856
http://www.securityfocus.com/bid/100856
RHSA-2018:0676
RHSA-2018:1062
RHSA-2019:1946
https://access.redhat.com/errata/RHSA-2019:1946
USN-3698-1
https://usn.ubuntu.com/3698-1/
USN-3698-2
https://usn.ubuntu.com/3698-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://bugzilla.redhat.com/show_bug.cgi?id=1491224
https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://www.spinics.net/lists/kvm/msg155414.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-14106
BugTraq ID: 100878
http://www.securityfocus.com/bid/100878
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
RedHat Security Advisories: RHSA-2017:3200
https://access.redhat.com/errata/RHSA-2017:3200
RedHat Security Advisories: RHSA-2018:2172
https://access.redhat.com/errata/RHSA-2018:2172
http://www.securitytracker.com/id/1039549
SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-14156
BugTraq ID: 100634
http://www.securityfocus.com/bid/100634
https://github.com/torvalds/linux/pull/441
https://marc.info/?l=linux-kernel&m=150401461613306&w=2
https://marc.info/?l=linux-kernel&m=150453196710422&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2017-14489
BugTraq ID: 101011
http://www.securityfocus.com/bid/101011
https://www.exploit-db.com/exploits/42932/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14991
BugTraq ID: 101187
http://www.securityfocus.com/bid/101187
https://usn.ubuntu.com/3754-1/
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.