Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0234)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0234

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0234)

Resumen: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2017-0234 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2017-0234 advisory.

Vulnerability Insight:
This kernel update is based on upstream 4.9.40 and fixes at least the
following security issues:

Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support
is vulnerable to a memory leakage issue. It could occur while creating a
virtio gpu object in virtio_gpu_object_create(). A user/process could use
this flaw to leak host kernel memory potentially resulting in Dos
(CVE-2017-10810).

It also contains followup fixes to the Stack Clash (CVE-2017-1000370,
CVE-2017-1000371) security issues resolved in kernels released at end
of June, 2017.

Other Mageia kernel specific fixes in this updates:
- enable support for NFS4_1 and NFS4_2 (mga#21182)
- ALSA: hda/realtek - New codecs support for ALC215/ALC285/ALC289
- ALSA: hda/realtek - New codec device ID for ALC1220
- platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (mga#18756)

For other upstream fixes in this update, read the referenced changelogs.

Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10810
BugTraq ID: 99433
http://www.securityfocus.com/bid/99433
Debian Security Information: DSA-3927 (Google Search)
http://www.debian.org/security/2017/dsa-3927

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0234
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0234)
Resumen:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2017-0234 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2017-0234 advisory. Vulnerability Insight: This kernel update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtio_gpu_object_create(). A user/process could use this flaw to leak host kernel memory potentially resulting in Dos (CVE-2017-10810). It also contains followup fixes to the Stack Clash (CVE-2017-1000370, CVE-2017-1000371) security issues resolved in kernels released at end of June, 2017. Other Mageia kernel specific fixes in this updates: - enable support for NFS4_1 and NFS4_2 (mga#21182) - ALSA: hda/realtek - New codecs support for ALC215/ALC285/ALC289 - ALSA: hda/realtek - New codec device ID for ALC1220 - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (mga#18756) For other upstream fixes in this update, read the referenced changelogs. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10810 BugTraq ID: 99433 http://www.securityfocus.com/bid/99433 Debian Security Information: DSA-3927 (Google Search) http://www.debian.org/security/2017/dsa-3927
Copyright	Copyright (C) 2022 Greenbone AG