Test ID: 1.3.6.1.4.1.25623.1.0.842888
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-3084-2)
Summary: The remote host is missing an update for the 'linux-lts-xenial' package(s) announced via the USN-3084-2 advisory.

Vulnerability Insight:
USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 LTS.

Pengfei Wang discovered a race condition in the audit subsystem in the
Linux kernel. A local attacker could use this to corrupt audit logs or
disrupt system-call auditing. (CVE-2016-6136)

It was discovered that the powerpc and powerpc64 hypervisor-mode KVM
implementation in the Linux kernel did not properly maintain state
about transactional memory. An unprivileged attacker in a guest could cause
a denial of service (CPU lockup) in the host OS. (CVE-2016-5412)

Pengfei Wang discovered a race condition in the Chrome OS embedded
controller device driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-6156)

Affected Software/OS:
'linux-lts-xenial' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5412
RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
[oss-security] 20160728 CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
http://www.openwall.com/lists/oss-security/2016/07/28/2
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245
https://bugzilla.redhat.com/show_bug.cgi?id=1349916
https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3
https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245
Common Vulnerability Exposure (CVE) ID: CVE-2016-6136
BugTraq ID: 91558
http://www.securityfocus.com/bid/91558
Bugtraq: 20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c (Google Search)
http://www.securityfocus.com/archive/1/538835/30/0/threaded
RedHat Security Advisories: RHSA-2016:2574
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RedHat Security Advisories: RHSA-2017:0307
http://rhn.redhat.com/errata/RHSA-2017-0307.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6156
BugTraq ID: 91553
http://www.securityfocus.com/bid/91553
Bugtraq: 20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c (Google Search)
http://seclists.org/bugtraq/2016/Jul/20
https://bugzilla.kernel.org/show_bug.cgi?id=120131
Copyright: Copyright (C) 2016 Greenbone AG
