Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0415
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0415)
Summary:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2016-0415 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2016-0415 advisory. Vulnerability Insight: This update is based on upstream 4.4.36 and fixes at least the following security issues: The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (CVE-2016-8645). The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent (CVE-2016-8650). A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system (CVE-2016-8655). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an information leakage issue. It could occur on x86 platform, while emulating instructions in 32bit mode. A user/process could use this flaw to leak host kernel memory bytes (CVE-2016-9756). A bug in SO_{SNDRCV}BUFFORCE setsockopt() implementation allows CAP_NET_ADMIN users to set negative sk_sndbuf or sk_rcvbuf values. A user could use this flaw to cause various memory corruptions, crashes and OOM (CVE-2016-9793). For other fixes in this update, see the referenced changelogs. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8645 1037285 http://www.securitytracker.com/id/1037285 94264 http://www.securityfocus.com/bid/94264 RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842 RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077 RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669 [oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c http://www.openwall.com/lists/oss-security/2016/11/11/3 [oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c http://www.openwall.com/lists/oss-security/2016/11/30/3 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 https://bugzilla.redhat.com/show_bug.cgi?id=1393904 https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3 Common Vulnerability Exposure (CVE) ID: CVE-2016-8650 1037968 http://www.securitytracker.com/id/1037968 20161115 OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl http://seclists.org/fulldisclosure/2016/Nov/76 94532 http://www.securityfocus.com/bid/94532 RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0931 RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0932 RHSA-2017:0933 https://access.redhat.com/errata/RHSA-2017:0933 RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854 [oss-security] 20161125 Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem http://www.openwall.com/lists/oss-security/2016/11/24/8 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073 https://bugzilla.redhat.com/show_bug.cgi?id=1395187 https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073 https://source.android.com/security/bulletin/2017-03-01.html Common Vulnerability Exposure (CVE) ID: CVE-2016-8655 1037403 http://www.securitytracker.com/id/1037403 40871 https://www.exploit-db.com/exploits/40871/ 44696 https://www.exploit-db.com/exploits/44696/ 94692 http://www.securityfocus.com/bid/94692 RHSA-2017:0386 http://rhn.redhat.com/errata/RHSA-2017-0386.html RHSA-2017:0387 http://rhn.redhat.com/errata/RHSA-2017-0387.html RHSA-2017:0402 http://rhn.redhat.com/errata/RHSA-2017-0402.html SUSE-SU-2016:3096 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html SUSE-SU-2016:3113 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html SUSE-SU-2016:3116 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html SUSE-SU-2016:3117 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html SUSE-SU-2016:3169 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html SUSE-SU-2016:3183 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html SUSE-SU-2016:3197 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html SUSE-SU-2016:3205 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html SUSE-SU-2016:3206 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html SUSE-SU-2016:3247 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html USN-3149-1 http://www.ubuntu.com/usn/USN-3149-1 USN-3149-2 http://www.ubuntu.com/usn/USN-3149-2 USN-3150-1 http://www.ubuntu.com/usn/USN-3150-1 USN-3150-2 http://www.ubuntu.com/usn/USN-3150-2 USN-3151-1 http://www.ubuntu.com/usn/USN-3151-1 USN-3151-2 http://www.ubuntu.com/usn/USN-3151-2 USN-3151-3 http://www.ubuntu.com/usn/USN-3151-3 USN-3151-4 http://www.ubuntu.com/usn/USN-3151-4 USN-3152-1 http://www.ubuntu.com/usn/USN-3152-1 USN-3152-2 http://www.ubuntu.com/usn/USN-3152-2 [oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root) http://www.openwall.com/lists/oss-security/2016/12/06/1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html https://bugzilla.redhat.com/show_bug.cgi?id=1400019 https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c Common Vulnerability Exposure (CVE) ID: CVE-2016-9756 94615 http://www.securityfocus.com/bid/94615 [oss-security] 20161201 CVE request: Kernel: kvm: stack memory information leakage http://www.openwall.com/lists/oss-security/2016/12/01/1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5398c81554fbf803f5fd1dc55eb78216c0c http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 https://bugzilla.redhat.com/show_bug.cgi?id=1400468 https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0c openSUSE-SU-2017:0002 http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9793 BugTraq ID: 94655 http://www.securityfocus.com/bid/94655 https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 http://www.openwall.com/lists/oss-security/2016/12/03/1 RedHat Security Advisories: RHSA-2017:0931 RedHat Security Advisories: RHSA-2017:0932 RedHat Security Advisories: RHSA-2017:0933
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.