ID de Prueba:	1.3.6.1.4.1.25623.1.0.883263
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for bpftool (CESA-2020:3220)
Resumen:	The remote host is missing an update for the 'bpftool'; package(s) announced via the CESA-2020:3220 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bpftool' package(s) announced via the CESA-2020:3220 advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757) * kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653) * kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654) * kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHEL7.7 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1830889) * [DELL EMC 7.8 BUG bnxt_en] Error messages related to hwrm observed for BCM 57504 under dmesg in RHEL 7.8 (BZ#1834190) * kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837429) * RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10 kernels. (BZ#1838602) * kipmi thread high CPU consumption when performing BMC firmware upgrade (BZ#1841825) * RHEL7.7 - virtio-blk: fix hw_queue stopped on arbitrary error (kvm) (BZ#1842994) * rhel 7 infinite blocked waiting on inode_dio_wait in nfs (BZ#1845520) * http request is taking more time for endpoint running on different host via nodeport service (BZ#1847333) * ext4: change LRU to round-robin in extent status tree shrinker (BZ#1847343) * libaio is returning duplicate events (BZ#1850055) * After upgrade to 3.9.89 pod containers with CPU limits fail to start due to cgroup error (BZ#1850500) * Fix dpdk regression introduced by bz1837297 (BZ#1852245) Affected Software/OS: 'bpftool' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19527 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d4472d7bec39917b54e4e80245784ea5d60ce49 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9c09b214f30e3c11f9b0b03f89442df03643794d https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html http://www.openwall.com/lists/oss-security/2019/12/03/4 SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html Common Vulnerability Exposure (CVE) ID: CVE-2020-10757 DSA-4698 https://www.debian.org/security/2020/dsa-4698 DSA-4699 https://www.debian.org/security/2020/dsa-4699 FEDORA-2020-203ffedeb5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/ Red Hat https://bugzilla.redhat.com/show_bug.cgi?id=1842525 USN-4426-1 https://usn.ubuntu.com/4426-1/ USN-4439-1 https://usn.ubuntu.com/4439-1/ USN-4440-1 https://usn.ubuntu.com/4440-1/ USN-4483-1 https://usn.ubuntu.com/4483-1/ [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 https://security.netapp.com/advisory/ntap-20200702-0004/ https://www.openwall.com/lists/oss-security/2020/06/04/4 openSUSE-SU-2020:0801 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12653 Debian Security Information: DSA-4698 (Google Search) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html http://www.openwall.com/lists/oss-security/2020/05/08/2 SuSE Security Announcement: openSUSE-SU-2020:0801 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2020-12654 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875 https://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875 https://usn.ubuntu.com/4392-1/ https://usn.ubuntu.com/4393-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-10713 CERT/CC vulnerability note: VU#174059 https://www.kb.cert.org/vuls/id/174059 Cisco Security Advisory: 20200804 GRUB2 Arbitrary Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY Debian Security Information: DSA-4735 (Google Search) https://www.debian.org/security/2020/dsa-4735 https://security.gentoo.org/glsa/202104-05 https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713 https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://kb.vmware.com/s/article/80181 https://bugzilla.redhat.com/show_bug.cgi?id=1825243 http://www.openwall.com/lists/oss-security/2020/07/29/3 SuSE Security Announcement: openSUSE-SU-2020:1168 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html SuSE Security Announcement: openSUSE-SU-2020:1169 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html https://usn.ubuntu.com/4432-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.