 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2021.0224 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2021-0224) |
| Zusammenfassung: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0224 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0224 advisory. Vulnerability Insight: This kernel update is based on upstream 5.10.41 and fixes at least the following security issues: A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system (CVE-2021-3564). kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (CVE-2021-33200). Other fixes in this update: - proc: Check /proc/$pid/attr/ writes against file opener For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-33200 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJCABL43FT3FKRX5DBPZG25FNKR6CEK4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e https://www.openwall.com/lists/oss-security/2021/05/27/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3564 [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html [oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug http://www.openwall.com/lists/oss-security/2021/05/25/1 [oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug http://www.openwall.com/lists/oss-security/2021/06/01/2 https://bugzilla.redhat.com/show_bug.cgi?id=1964139 https://www.openwall.com/lists/oss-security/2021/05/25/1 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |