Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0120
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0120)
Zusammenfassung:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2019-0120 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2019-0120 advisory. Vulnerability Insight: This kernel update is based on the upstream 4.14.106 and fixes at least the following security issue: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (CVE-2019-9213). It also adds a preparatory fix for Skylake systems that will receive a microcode update at a later date to address a TSX errata. WireGuard has been updated to 0.0.20190227. For other uptstream fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9213 BugTraq ID: 107296 http://www.securityfocus.com/bid/107296 https://www.exploit-db.com/exploits/46502/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1 http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1792 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831 RedHat Security Advisories: RHSA-2019:1479 https://access.redhat.com/errata/RHSA-2019:1479 RedHat Security Advisories: RHSA-2019:1480 https://access.redhat.com/errata/RHSA-2019:1480 SuSE Security Announcement: openSUSE-SU-2019:1085 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html SuSE Security Announcement: openSUSE-SU-2019:1193 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html https://usn.ubuntu.com/3930-1/ https://usn.ubuntu.com/3930-2/ https://usn.ubuntu.com/3931-1/ https://usn.ubuntu.com/3931-2/ https://usn.ubuntu.com/3932-1/ https://usn.ubuntu.com/3932-2/ https://usn.ubuntu.com/3933-1/ https://usn.ubuntu.com/3933-2/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.