English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2021.0489
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2021-0489)
Resumen:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0489 advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2021-0489 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.10.75 and fixes at least the
following security issues:

A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/
ccp/ccp-ops.c in the Linux kernel allows malicious users to cause a
denial of service (memory consumption) (CVE-2021-3744).

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd()
function that allows an malicious user to cause a denial of service
(CVE-2021-3764).

A race condition accessing file object in the Linux kernel OverlayFS
subsystem was found in the way users do rename in specific way with
OverlayFS. A local user could use this flaw to crash the system
(CVE-2021-20321).

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel
through 5.14.9 allows unprivileged users to trigger an eBPF multiplication
integer overflow with a resultant out-of-bounds write (CVE-2021-41864).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-20321
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
https://bugzilla.redhat.com/show_bug.cgi?id=2013242
https://lore.kernel.org/all/20211011134508.748956131@linuxfoundation.org/
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3744
DSA-5096
FEDORA-2021-79cbbefebe
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
FEDORA-2021-9dd76a1ed0
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
FEDORA-2021-ffda3d6fa1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
[oss-security] 20210914 Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
http://www.openwall.com/lists/oss-security/2021/09/14/1
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0
https://seclists.org/oss-sec/2021/q3/164
https://www.oracle.com/security-alerts/cpujul2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3764
https://access.redhat.com/security/cve/CVE-2021-3764
https://bugzilla.redhat.com/show_bug.cgi?id=1997467
https://security-tracker.debian.org/tracker/CVE-2021-3764
Common Vulnerability Exposure (CVE) ID: CVE-2021-41864
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.