 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2020.0183 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2020-0183) |
| Resumen: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, ldetect-lst, xtables-addons' package(s) announced via the MGASA-2020-0183 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, ldetect-lst, xtables-addons' package(s) announced via the MGASA-2020-0183 advisory. Vulnerability Insight: This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c (CVE-2019-19377). An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (CVE-2020-11494). An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing (CVE-2020-11565). An issue was discovered in the Linux kernel before 5.6.1. drivers/media/ usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (CVE-2020-11608). An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/ usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference (CVE-2020-11609). In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors (CVE-2020-11668). xtables-addons has been updated to 4.9 for kernel 5.6 series support. For other fixes and changes in this update, see the refenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons, ldetect-lst, xtables-addons' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-19377 https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://usn.ubuntu.com/4367-1/ https://usn.ubuntu.com/4369-1/ https://usn.ubuntu.com/4414-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-11494 Debian Security Information: DSA-4698 (Google Search) https://www.debian.org/security/2020/dsa-4698 http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5e869590e29bc62bbc28 https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html SuSE Security Announcement: openSUSE-SU-2020:0543 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://usn.ubuntu.com/4363-1/ https://usn.ubuntu.com/4364-1/ https://usn.ubuntu.com/4368-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-11565 Debian Security Information: DSA-4667 (Google Search) https://www.debian.org/security/2020/dsa-4667 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd Common Vulnerability Exposure (CVE) ID: CVE-2020-11608 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30 https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30 SuSE Security Announcement: openSUSE-SU-2020:0801 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://usn.ubuntu.com/4345-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-11609 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205 https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205 Common Vulnerability Exposure (CVE) ID: CVE-2020-11668 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |