English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.842910
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3099-2)
Summary:The remote host is missing an update for the 'linux-lts-xenial' package(s) announced via the USN-3099-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-xenial' package(s) announced via the USN-3099-2 advisory.

Vulnerability Insight:
USN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Vladimir Benes discovered an unbounded recursion in the VLAN and TEB
Generic Receive Offload (GRO) processing implementations in the Linux
kernel, A remote attacker could use this to cause a stack corruption,
leading to a denial of service (system crash). (CVE-2016-7039)

Marco Grassi discovered a use-after-free condition could occur in the TCP
retransmit queue handling code in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-6828)

Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller
driver in the Linux kernel when handling ioctl()s. A local attacker could
use this to cause a denial of service (system crash). (CVE-2016-6480)

Affected Software/OS:
'linux-lts-xenial' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-6480
BugTraq ID: 92214
http://www.securityfocus.com/bid/92214
Bugtraq: 20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c (Google Search)
http://www.securityfocus.com/archive/1/539074/30/0/threaded
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RedHat Security Advisories: RHSA-2017:0817
http://rhn.redhat.com/errata/RHSA-2017-0817.html
SuSE Security Announcement: SUSE-SU-2016:2174 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
SuSE Security Announcement: SUSE-SU-2016:2175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html
SuSE Security Announcement: SUSE-SU-2016:2177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
SuSE Security Announcement: SUSE-SU-2016:2178 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
SuSE Security Announcement: SUSE-SU-2016:2179 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:2180 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
SuSE Security Announcement: SUSE-SU-2016:2181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:2230 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6828
92452
http://www.securityfocus.com/bid/92452
RHSA-2017:0036
http://rhn.redhat.com/errata/RHSA-2017-0036.html
RHSA-2017:0086
http://rhn.redhat.com/errata/RHSA-2017-0086.html
RHSA-2017:0091
http://rhn.redhat.com/errata/RHSA-2017-0091.html
RHSA-2017:0113
http://rhn.redhat.com/errata/RHSA-2017-0113.html
[oss-security] 20160815 Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master
http://www.openwall.com/lists/oss-security/2016/08/15/1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5
https://bugzilla.redhat.com/show_bug.cgi?id=1367091
https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html
https://source.android.com/security/bulletin/2016-11-01.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7039
BugTraq ID: 93476
http://www.securityfocus.com/bid/93476
http://www.openwall.com/lists/oss-security/2016/10/10/15
RedHat Security Advisories: RHSA-2016:2047
http://rhn.redhat.com/errata/RHSA-2016-2047.html
RedHat Security Advisories: RHSA-2016:2107
http://rhn.redhat.com/errata/RHSA-2016-2107.html
RedHat Security Advisories: RHSA-2016:2110
http://rhn.redhat.com/errata/RHSA-2016-2110.html
RedHat Security Advisories: RHSA-2017:0372
https://access.redhat.com/errata/RHSA-2017:0372
CopyrightCopyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.