Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0224 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2021-0224) |
Summary: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0224 advisory. |
Description: |
Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0224 advisory.

Vulnerability Insight: This kernel update is based on upstream 5.10.41 and fixes at least the following security issues:

A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system (CVE-2021-3564).

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (CVE-2021-33200).

Other fixes in this update:
- proc: Check /proc/$pid/attr/ writes against file opener

For other upstream fixes, see the referenced changelogs.

Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7, Mageia 8.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-33200
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJCABL43FT3FKRX5DBPZG25FNKR6CEK4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX/
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e
- https://www.openwall.com/lists/oss-security/2021/05/27/1

Common Vulnerability Exposure (CVE) ID: CVE-2021-3564
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update: https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update: https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- [oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug: http://www.openwall.com/lists/oss-security/2021/05/25/1
- [oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug: http://www.openwall.com/lists/oss-security/2021/06/01/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1964139
- https://www.openwall.com/lists/oss-security/2021/05/25/1 |
Copyright | Copyright (C) 2022 Greenbone AG |