Test ID:	1.3.6.1.4.1.25623.1.0.842712
Category:	Ubuntu Local Security Checks
Title:	Ubuntu Update for linux-raspi2 USN-2947-3
Summary:	The remote host is missing an update for the 'linux-raspi2'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'linux-raspi2' package(s) announced via the referenced advisory. Vulnerability Insight: Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) It was discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not correctly compute branch offsets for backward jumps after ctx expansion. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2383) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847) Affected Software/OS: linux-raspi2 on Ubuntu 15.10 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7833 BugTraq ID: 77030 http://www.securityfocus.com/bid/77030 Bugtraq: 20151007 Re: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver) (Google Search) http://www.securityfocus.com/archive/1/536629 Debian Security Information: DSA-3396 (Google Search) http://www.debian.org/security/2015/dsa-3396 Debian Security Information: DSA-3426 (Google Search) http://www.debian.org/security/2015/dsa-3426 http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf https://bugzilla.redhat.com/show_bug.cgi?id=1201858 http://www.securitytracker.com/id/1034452 SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html SuSE Security Announcement: SUSE-SU-2016:1985 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://www.ubuntu.com/usn/USN-2929-1 http://www.ubuntu.com/usn/USN-2929-2 http://www.ubuntu.com/usn/USN-2932-1 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 http://www.ubuntu.com/usn/USN-2948-1 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2967-1 http://www.ubuntu.com/usn/USN-2967-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-8812 BugTraq ID: 83218 http://www.securityfocus.com/bid/83218 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://www.openwall.com/lists/oss-security/2016/02/11/1 RedHat Security Advisories: RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RedHat Security Advisories: RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html SuSE Security Announcement: SUSE-SU-2016:1031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html SuSE Security Announcement: SUSE-SU-2016:1032 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html SuSE Security Announcement: SUSE-SU-2016:1033 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html SuSE Security Announcement: SUSE-SU-2016:1034 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html SuSE Security Announcement: SUSE-SU-2016:1035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html SuSE Security Announcement: SUSE-SU-2016:1037 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html SuSE Security Announcement: SUSE-SU-2016:1038 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html SuSE Security Announcement: SUSE-SU-2016:1039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html SuSE Security Announcement: SUSE-SU-2016:1040 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html SuSE Security Announcement: SUSE-SU-2016:1041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html SuSE Security Announcement: SUSE-SU-2016:1045 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html SuSE Security Announcement: SUSE-SU-2016:1046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2949-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2085 Common Vulnerability Exposure (CVE) ID: CVE-2016-2383 http://www.openwall.com/lists/oss-security/2016/02/14/1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2550 http://www.openwall.com/lists/oss-security/2016/02/23/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-2847 BugTraq ID: 83870 http://www.securityfocus.com/bid/83870 http://www.openwall.com/lists/oss-security/2016/03/01/3 RedHat Security Advisories: RHSA-2017:0217 http://rhn.redhat.com/errata/RHSA-2017-0217.html SuSE Security Announcement: SUSE-SU-2016:1672 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1690 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SuSE Security Announcement: SUSE-SU-2016:1696 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SuSE Security Announcement: SUSE-SU-2016:1707 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html SuSE Security Announcement: openSUSE-SU-2016:1382 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.