English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2023.0237
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2023-0237)
Resumen:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2023-0237 advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2023-0237 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.120 and fixes at least
the following security issues:

A flaw null pointer dereference in the Linux kernel DECnet networking
protocol was found. A remote user could use this flaw to crash the
system. This is fixed by removing DECnet support (CVE-2023-3338).

A use-after-free vulnerability was found in the Linux kernel's netfilter
subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with
NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same
transaction causing a use-after-free vulnerability. This flaw allows a
local attacker with user access to cause a privilege escalation issue
(CVE-2023-3390).

Linux Kernel nftables Use-After-Free Local Privilege Escalation
Vulnerability, nft_chain_lookup_byid() failed to check whether a chain
was active and CAP_NET_ADMIN is in any user or network namespace
(CVE-2023-31248).

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability,
nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN
is in any user or network namespace (CVE-2023-35001).

NOTE!!
This kernel also contains a fix for dkms builds hanging / stalling during
upgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility
ending up in a loop processing Makefile in kernel-devel packages.
So if you use dkms packaged drivers, you need to be running this kernel
(or any later released ones) before you do an online upgrade to avoid the
upgrade stalling / hanging.

For other upstream fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-31248
Debian Security Information: DSA-5453 (Google Search)
https://www.debian.org/security/2023/dsa-5453
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/
https://www.openwall.com/lists/oss-security/2023/07/05/2
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
http://www.openwall.com/lists/oss-security/2023/07/05/2
Common Vulnerability Exposure (CVE) ID: CVE-2023-3338
Debian Security Information: DSA-5480 (Google Search)
https://www.debian.org/security/2023/dsa-5480
RHBZ#2218618
https://bugzilla.redhat.com/show_bug.cgi?id=2218618
https://access.redhat.com/security/cve/CVE-2023-3338
https://seclists.org/oss-sec/2023/q2/276
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-3390
Debian Security Information: DSA-5448 (Google Search)
https://www.debian.org/security/2023/dsa-5448
Debian Security Information: DSA-5461 (Google Search)
https://www.debian.org/security/2023/dsa-5461
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97
https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-35001
https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/
https://www.openwall.com/lists/oss-security/2023/07/05/3
http://www.openwall.com/lists/oss-security/2023/07/05/3
CopyrightCopyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.