CentOS Local Security Checks : CentOS: Security Advisory for bpftool (CESA-2020:0839)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883210

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for bpftool (CESA-2020:0839)

Resumen: The remote host is missing an update for the 'bpftool'; package(s) announced via the CESA-2020:0839 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bpftool'
package(s) announced via the CESA-2020:0839 advisory.

Vulnerability Insight:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Count overflow in FUSE request leading to use-after-free issues.
(CVE-2019-11487)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)

* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
(CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131)

The system must be rebooted for this update to take effect.

1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

Description truncated. Please see the references for more information.

Affected Software/OS:
'bpftool' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-11487
Common Vulnerability Exposure (CVE) ID: CVE-2019-17666
Common Vulnerability Exposure (CVE) ID: CVE-2019-19338
Common Vulnerability Exposure (CVE) ID: CVE-2019-11135

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883210
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for bpftool (CESA-2020:0839)
Resumen:	The remote host is missing an update for the 'bpftool'; package(s) announced via the CESA-2020:0839 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bpftool' package(s) announced via the CESA-2020:0839 advisory. Vulnerability Insight: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131) The system must be rebooted for this update to take effect. 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues. 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow 1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) Description truncated. Please see the references for more information. Affected Software/OS: 'bpftool' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 8.3 CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11487 Common Vulnerability Exposure (CVE) ID: CVE-2019-17666 Common Vulnerability Exposure (CVE) ID: CVE-2019-19338 Common Vulnerability Exposure (CVE) ID: CVE-2019-11135
Copyright	Copyright (C) 2020 Greenbone Networks GmbH