Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0387
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0387)
Summary:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2017-0387 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2017-0387 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252). For other upstream fixes in this update, read the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000252 BugTraq ID: 101022 http://www.securityfocus.com/bid/101022 Debian Security Information: DSA-3981 (Google Search) http://www.debian.org/security/2017/dsa-3981 RedHat Security Advisories: RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:0676 RedHat Security Advisories: RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1062 RedHat Security Advisories: RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1130 Common Vulnerability Exposure (CVE) ID: CVE-2017-12153 100855 http://www.securityfocus.com/bid/100855 DSA-3981 USN-3583-1 https://usn.ubuntu.com/3583-1/ USN-3583-2 https://usn.ubuntu.com/3583-2/ http://seclists.org/oss-sec/2017/q3/437 https://bugzilla.novell.com/show_bug.cgi?id=1058410 https://bugzilla.redhat.com/show_bug.cgi?id=1491046 https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888 https://marc.info/?t=150525503100001&r=1&w=2 Common Vulnerability Exposure (CVE) ID: CVE-2017-12154 100856 http://www.securityfocus.com/bid/100856 RHSA-2018:0676 RHSA-2018:1062 RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2019:1946 USN-3698-1 https://usn.ubuntu.com/3698-1/ USN-3698-2 https://usn.ubuntu.com/3698-2/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f https://bugzilla.redhat.com/show_bug.cgi?id=1491224 https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f https://www.spinics.net/lists/kvm/msg155414.html Common Vulnerability Exposure (CVE) ID: CVE-2017-14106 BugTraq ID: 100878 http://www.securityfocus.com/bid/100878 RedHat Security Advisories: RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918 RedHat Security Advisories: RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930 RedHat Security Advisories: RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931 RedHat Security Advisories: RHSA-2017:3200 https://access.redhat.com/errata/RHSA-2017:3200 RedHat Security Advisories: RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2172 http://www.securitytracker.com/id/1039549 SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2017-14156 BugTraq ID: 100634 http://www.securityfocus.com/bid/100634 https://github.com/torvalds/linux/pull/441 https://marc.info/?l=linux-kernel&m=150401461613306&w=2 https://marc.info/?l=linux-kernel&m=150453196710422&w=2 Common Vulnerability Exposure (CVE) ID: CVE-2017-14489 BugTraq ID: 101011 http://www.securityfocus.com/bid/101011 https://www.exploit-db.com/exploits/42932/ Common Vulnerability Exposure (CVE) ID: CVE-2017-14991 BugTraq ID: 101187 http://www.securityfocus.com/bid/101187 https://usn.ubuntu.com/3754-1/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.