 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0201 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2020-0201) |
| Summary: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2020-0201 advisory. |
| Description: | Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2020-0201 advisory. Vulnerability Insight: This update is based on the upstream 5.6.8 kernel and fixes at least the following security issues: usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference(CVE-2020-12464). An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation (CVE-2020-12659). Other fixes in this update: - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - Fix use after free in get_tree_bdev() - propagate_one(): mnt_set_mountpoint() needs mount_lock - iwlwifi: pcie: handle QuZ configs with killer NICs as well - Fix building out of tree modules on aarch64 (pterjan) For other fixes and changes in this update, see the refenced changelogs. Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-12464 Debian Security Information: DSA-4698 (Google Search) https://www.debian.org/security/2020/dsa-4698 Debian Security Information: DSA-4699 (Google Search) https://www.debian.org/security/2020/dsa-4699 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b https://lkml.org/lkml/2020/3/23/52 https://patchwork.kernel.org/patch/11463781/ https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html SuSE Security Announcement: openSUSE-SU-2020:0801 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://usn.ubuntu.com/4387-1/ https://usn.ubuntu.com/4388-1/ https://usn.ubuntu.com/4389-1/ https://usn.ubuntu.com/4390-1/ https://usn.ubuntu.com/4391-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12659 https://bugzilla.kernel.org/show_bug.cgi?id=207225 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02 https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |