Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0346)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0346
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0346)
Resumen:	The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0346 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2017-0346 advisory. Vulnerability Insight: This kernel-tmb update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600). The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229). The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340). The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251). For other upstream fixes in this update, read the referenced changelogs. Affected Software/OS: 'kernel-tmb' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.7 CVSS Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000251 BugTraq ID: 100809 http://www.securityfocus.com/bid/100809 CERT/CC vulnerability note: VU#240311 https://www.kb.cert.org/vuls/id/240311 Debian Security Information: DSA-3981 (Google Search) http://www.debian.org/security/2017/dsa-3981 https://www.exploit-db.com/exploits/42762/ https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe https://www.armis.com/blueborne RedHat Security Advisories: RHSA-2017:2679 https://access.redhat.com/errata/RHSA-2017:2679 RedHat Security Advisories: RHSA-2017:2680 https://access.redhat.com/errata/RHSA-2017:2680 RedHat Security Advisories: RHSA-2017:2681 https://access.redhat.com/errata/RHSA-2017:2681 RedHat Security Advisories: RHSA-2017:2682 https://access.redhat.com/errata/RHSA-2017:2682 RedHat Security Advisories: RHSA-2017:2683 https://access.redhat.com/errata/RHSA-2017:2683 RedHat Security Advisories: RHSA-2017:2704 https://access.redhat.com/errata/RHSA-2017:2704 RedHat Security Advisories: RHSA-2017:2705 https://access.redhat.com/errata/RHSA-2017:2705 RedHat Security Advisories: RHSA-2017:2706 https://access.redhat.com/errata/RHSA-2017:2706 RedHat Security Advisories: RHSA-2017:2707 https://access.redhat.com/errata/RHSA-2017:2707 RedHat Security Advisories: RHSA-2017:2731 https://access.redhat.com/errata/RHSA-2017:2731 RedHat Security Advisories: RHSA-2017:2732 https://access.redhat.com/errata/RHSA-2017:2732 http://www.securitytracker.com/id/1039373 Common Vulnerability Exposure (CVE) ID: CVE-2017-11600 BugTraq ID: 99928 http://www.securityfocus.com/bid/99928 http://seclists.org/bugtraq/2017/Jul/30 RedHat Security Advisories: RHSA-2018:1965 https://access.redhat.com/errata/RHSA-2018:1965 RedHat Security Advisories: RHSA-2018:2003 https://access.redhat.com/errata/RHSA-2018:2003 RedHat Security Advisories: RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1170 RedHat Security Advisories: RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:1190 SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2017-12134 BugTraq ID: 100343 http://www.securityfocus.com/bid/100343 https://security.gentoo.org/glsa/201801-14 https://bugzilla.redhat.com/show_bug.cgi?id=1477656 http://www.openwall.com/lists/oss-security/2017/08/15/4 http://www.securitytracker.com/id/1039176 https://usn.ubuntu.com/3655-1/ https://usn.ubuntu.com/3655-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-14340 BugTraq ID: 100851 http://www.securityfocus.com/bid/100851 RedHat Security Advisories: RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918
Copyright	Copyright (C) 2022 Greenbone AG