Test ID:	1.3.6.1.4.1.25623.1.0.842746
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2978-2)
Summary:	The remote host is missing an update for the 'linux-lts-wily' package(s) announced via the USN-2978-2 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-wily' package(s) announced via the USN-2978-2 advisory. Vulnerability Insight: USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713) Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758) Affected Software/OS: 'linux-lts-wily' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0758 90626 http://www.securityfocus.com/bid/90626 HPSBHF3548 https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555 RHSA-2016:1033 http://rhn.redhat.com/errata/RHSA-2016-1033.html RHSA-2016:1051 http://rhn.redhat.com/errata/RHSA-2016-1051.html RHSA-2016:1055 http://rhn.redhat.com/errata/RHSA-2016-1055.html SUSE-SU-2016:1672 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SUSE-SU-2016:1690 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SUSE-SU-2016:1937 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html SUSE-SU-2016:1961 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html SUSE-SU-2016:1985 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html SUSE-SU-2016:1994 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html SUSE-SU-2016:1995 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html SUSE-SU-2016:2000 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html SUSE-SU-2016:2001 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html SUSE-SU-2016:2002 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html SUSE-SU-2016:2003 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html SUSE-SU-2016:2005 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html SUSE-SU-2016:2006 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html SUSE-SU-2016:2007 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html SUSE-SU-2016:2009 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html SUSE-SU-2016:2010 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html SUSE-SU-2016:2011 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html SUSE-SU-2016:2014 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html SUSE-SU-2016:2105 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html USN-2979-4 http://www.ubuntu.com/usn/USN-2979-4 [oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files. http://www.openwall.com/lists/oss-security/2016/05/12/9 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa http://source.android.com/security/bulletin/2016-10-01.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugzilla.redhat.com/show_bug.cgi?id=1300257 https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa openSUSE-SU-2016:1641 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html openSUSE-SU-2016:2184 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3713 [oss-security] 20160516 CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8 http://www.openwall.com/lists/oss-security/2016/05/16/2 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 https://bugzilla.redhat.com/show_bug.cgi?id=1332139 https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.