ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0296
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0296)
Resumen:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2018-0296 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2018-0296 advisory. Vulnerability Insight: This kernel update is based on the upstream 4.14.50 and fixes at least the following security issues: In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands (CVE-2018-6412). The kvm functions that were used in the emulation of fxrstor, fxsave, sgdt and sidt were originally meant for task switching, and as such they did not check privilege levels. This allowed guest userspace to guest kernel write (CVE-2018-10853). In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL (CVE-2018-12904). WireGuard has been updated to 0.0.20180613. For other fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10853 https://www.openwall.com/lists/oss-security/2018/09/02/1 https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 RedHat Security Advisories: RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036 RedHat Security Advisories: RHSA-2020:0103 https://access.redhat.com/errata/RHSA-2020:0103 RedHat Security Advisories: RHSA-2020:0179 https://access.redhat.com/errata/RHSA-2020:0179 SuSE Security Announcement: openSUSE-SU-2019:1407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://usn.ubuntu.com/3777-1/ https://usn.ubuntu.com/3777-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12904 https://www.exploit-db.com/exploits/44944/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8 https://bugs.chromium.org/p/project-zero/issues/detail?id=1589 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2 https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8 https://usn.ubuntu.com/3752-1/ https://usn.ubuntu.com/3752-2/ https://usn.ubuntu.com/3752-3/ Common Vulnerability Exposure (CVE) ID: CVE-2018-6412 https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.