Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0419
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0419)
Zusammenfassung:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0419 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0419 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.10.62 and fixes at least the following security issues: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in ath9k (CVE-2020-3702). A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference in btrfs code (CVE-2021-3739). there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743). An out-of-bounds read due to a race condition has been found in the Linux kernel due to write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE) (CVE-2021-3753). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-3702 https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Debian Security Information: DSA-4978 (Google Search) https://www.debian.org/security/2021/dsa-4978 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3739 https://bugzilla.redhat.com/show_bug.cgi?id=1997958 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://security.netapp.com/advisory/ntap-20220407-0006/ https://ubuntu.com/security/CVE-2021-3739 https://www.openwall.com/lists/oss-security/2021/08/25/3 Common Vulnerability Exposure (CVE) ID: CVE-2021-3743 https://bugzilla.redhat.com/show_bug.cgi?id=1997961 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117 https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117 https://lists.openwall.net/netdev/2021/08/17/124 https://security.netapp.com/advisory/ntap-20220407-0007/ https://www.openwall.com/lists/oss-security/2021/08/27/2 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3753 https://bugzilla.redhat.com/show_bug.cgi?id=1999589 https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7 https://www.openwall.com/lists/oss-security/2021/09/01/4
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.