
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.3084.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:3084-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3084-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3084-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bug fixes.
CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current
privilege level (CPL) while emulating unprivileged instructions. An
unprivileged guest user/process could use this flaw to potentially
escalate privileges inside guest (bnc#1097104).

CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem
code. A use-after-free is possible in ext4_ext_remove_space() function
when mounting and operating a crafted ext4 image. (bnc#1099811)

CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when operating
on a crafted ext4 filesystem image. (bnc#1099846)

CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write and a denial of service or
unspecified other impact is possible by mounting and operating a crafted
ext4 filesystem image. (bnc#1099813)

CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause a use-after-free in ext4_xattr_set_entry function
and a denial of service or unspecified other impact may occur by
renaming a file in a crafted ext4 filesystem image. (bnc#1099844)

CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
write in the ext4 filesystem code when mounting and writing to a crafted
ext4 image in ext4_update_inline_data(). An attacker could use this to
cause a system crash and a denial of service. (bnc#1099845)

CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound access in ext4_get_group_info
function, a denial of service, and a system crash by mounting and
operating on a crafted ext4 filesystem image. (bnc#1099864)

CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound write in fs/jbd2/transaction.c
code, a denial of service, and a system crash by unmounting a crafted
ext4 filesystem image. (bnc#1099849)

CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image.
(bnc#1099863)

CVE-2018-10902: It was found that the raw midi kernel driver did not
protect against concurrent access which leads to a double realloc
(double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()
handler in rawmidi.c file. A malicious local attacker could possibly use
this for privilege escalation (bnc#1105322).

CVE-2018-10938: A crafted network packet sent remotely by an attacker
may force the kernel to enter an ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on OpenStack Cloud Magnum Orchestration 7, SUSE Enterprise Storage 4, SUSE Linux Enterprise High Availability 12-SP2, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE OpenStack Cloud 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-6554
BugTraq ID: 105302
http://www.securityfocus.com/bid/105302
Debian Security Information: DSA-4308
https://www.debian.org/security/2018/dsa-4308
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://www.spinics.net/lists/stable/msg255030.html
https://www.spinics.net/lists/stable/msg255034.html
https://usn.ubuntu.com/3775-1/
https://usn.ubuntu.com/3775-2/
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3777-1/
https://usn.ubuntu.com/3777-2/
https://usn.ubuntu.com/3777-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-6555
BugTraq ID: 105304
http://www.securityfocus.com/bid/105304
https://www.spinics.net/lists/stable/msg255031.html
https://www.spinics.net/lists/stable/msg255035.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7480
Debian Security Information: DSA-4188
https://www.debian.org/security/2018/dsa-4188
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258
https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
BugTraq ID: 103348
http://www.securityfocus.com/bid/103348
Debian Security Information: DSA-4187
https://www.debian.org/security/2018/dsa-4187
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-9363
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
https://usn.ubuntu.com/3820-1/
https://usn.ubuntu.com/3820-2/
https://usn.ubuntu.com/3820-3/
https://usn.ubuntu.com/3822-1/
https://usn.ubuntu.com/3822-2/
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
