Test ID:	1.3.6.1.4.1.25623.1.0.842809
Category:	Ubuntu Local Security Checks
Title:	Ubuntu Update for linux-raspi2 USN-3016-2
Summary:	The remote host is missing an update for the 'linux-raspi2'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'linux-raspi2' package(s) announced via the referenced advisory. Vulnerability Insight: Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482) Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578) Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580) It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913) Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4951) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998) Affected Software/OS: linux-raspi2 on Ubuntu 16.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4997 BugTraq ID: 91451 http://www.securityfocus.com/bid/91451 Debian Security Information: DSA-3607 (Google Search) http://www.debian.org/security/2016/dsa-3607 https://www.exploit-db.com/exploits/40435/ https://www.exploit-db.com/exploits/40489/ https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt http://www.openwall.com/lists/oss-security/2016/06/24/5 http://www.openwall.com/lists/oss-security/2016/09/29/10 RedHat Security Advisories: RHSA-2016:1847 http://rhn.redhat.com/errata/RHSA-2016-1847.html RedHat Security Advisories: RHSA-2016:1875 http://rhn.redhat.com/errata/RHSA-2016-1875.html RedHat Security Advisories: RHSA-2016:1883 http://rhn.redhat.com/errata/RHSA-2016-1883.html http://www.securitytracker.com/id/1036171 SuSE Security Announcement: SUSE-SU-2016:1709 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html SuSE Security Announcement: SUSE-SU-2016:1710 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html SuSE Security Announcement: SUSE-SU-2016:1985 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html SuSE Security Announcement: SUSE-SU-2016:2018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html SuSE Security Announcement: SUSE-SU-2016:2174 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html SuSE Security Announcement: SUSE-SU-2016:2177 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html SuSE Security Announcement: SUSE-SU-2016:2178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html SuSE Security Announcement: SUSE-SU-2016:2179 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html SuSE Security Announcement: SUSE-SU-2016:2180 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html SuSE Security Announcement: SUSE-SU-2016:2181 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://www.ubuntu.com/usn/USN-3016-1 http://www.ubuntu.com/usn/USN-3016-2 http://www.ubuntu.com/usn/USN-3016-3 http://www.ubuntu.com/usn/USN-3016-4 http://www.ubuntu.com/usn/USN-3017-1 http://www.ubuntu.com/usn/USN-3017-2 http://www.ubuntu.com/usn/USN-3017-3 http://www.ubuntu.com/usn/USN-3018-1 http://www.ubuntu.com/usn/USN-3018-2 http://www.ubuntu.com/usn/USN-3019-1 http://www.ubuntu.com/usn/USN-3020-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4482 BugTraq ID: 90029 http://www.securityfocus.com/bid/90029 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html http://www.openwall.com/lists/oss-security/2016/05/04/2 SuSE Security Announcement: SUSE-SU-2016:1672 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1690 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SuSE Security Announcement: SUSE-SU-2016:1696 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1641 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://www.ubuntu.com/usn/USN-3021-1 http://www.ubuntu.com/usn/USN-3021-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4569 BugTraq ID: 90347 http://www.securityfocus.com/bid/90347 http://www.openwall.com/lists/oss-security/2016/05/09/17 RedHat Security Advisories: RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RedHat Security Advisories: RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4578 BugTraq ID: 90535 http://www.securityfocus.com/bid/90535 https://www.exploit-db.com/exploits/46529/ http://www.openwall.com/lists/oss-security/2016/05/11/5 Common Vulnerability Exposure (CVE) ID: CVE-2016-4580 BugTraq ID: 90528 http://www.securityfocus.com/bid/90528 http://www.openwall.com/lists/oss-security/2016/05/10/12 Common Vulnerability Exposure (CVE) ID: CVE-2016-4913 BugTraq ID: 90730 http://www.securityfocus.com/bid/90730 http://www.openwall.com/lists/oss-security/2016/05/18/3 http://www.openwall.com/lists/oss-security/2016/05/18/5 RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 Common Vulnerability Exposure (CVE) ID: CVE-2016-4951 http://lists.openwall.net/netdev/2016/05/14/28 http://www.openwall.com/lists/oss-security/2016/05/21/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4998 RedHat Security Advisories: RHSA-2017:0036 http://rhn.redhat.com/errata/RHSA-2017-0036.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.