English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843139
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3265-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3265-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3265-1 advisory.

Vulnerability Insight:
It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic
Routing Encapsulation (GRE) tunneling implementation in the Linux kernel.
An attacker could use this to possibly expose sensitive information.
(CVE-2017-5897)

Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did
not properly restrict mapping page zero. A local privileged attacker could
use this to execute arbitrary code. (CVE-2017-5669)

Alexander Popov discovered that a race condition existed in the Stream
Control Transmission Protocol (SCTP) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2017-5986)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)

Andrey Konovalov discovered that the LLC subsystem in the Linux kernel did
not properly set up a destructor in certain situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-6345)

It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)

Andrey Konovalov discovered that the IP layer in the Linux kernel made
improper assumptions about internal data layout when performing checksums.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-6347)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (deadlock). (CVE-2017-6348)

Affected Software/OS:
'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5669
BugTraq ID: 96754
http://www.securityfocus.com/bid/96754
Debian Security Information: DSA-3804 (Google Search)
http://www.debian.org/security/2017/dsa-3804
https://bugzilla.kernel.org/show_bug.cgi?id=192931
https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8
https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
http://www.securitytracker.com/id/1037918
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5897
BugTraq ID: 96037
http://www.securityfocus.com/bid/96037
Debian Security Information: DSA-3791 (Google Search)
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/02/07/2
http://www.securitytracker.com/id/1037794
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5970
BugTraq ID: 96233
http://www.securityfocus.com/bid/96233
http://www.openwall.com/lists/oss-security/2017/02/12/3
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
Common Vulnerability Exposure (CVE) ID: CVE-2017-5986
BugTraq ID: 96222
http://www.securityfocus.com/bid/96222
http://www.openwall.com/lists/oss-security/2017/02/14/6
RedHat Security Advisories: RHSA-2017:1308
https://access.redhat.com/errata/RHSA-2017:1308
Common Vulnerability Exposure (CVE) ID: CVE-2017-6214
BugTraq ID: 96421
http://www.securityfocus.com/bid/96421
RedHat Security Advisories: RHSA-2017:1372
https://access.redhat.com/errata/RHSA-2017:1372
RedHat Security Advisories: RHSA-2017:1615
https://access.redhat.com/errata/RHSA-2017:1615
RedHat Security Advisories: RHSA-2017:1616
https://access.redhat.com/errata/RHSA-2017:1616
RedHat Security Advisories: RHSA-2017:1647
https://access.redhat.com/errata/RHSA-2017:1647
http://www.securitytracker.com/id/1037897
Common Vulnerability Exposure (CVE) ID: CVE-2017-6345
BugTraq ID: 96510
http://www.securityfocus.com/bid/96510
http://www.openwall.com/lists/oss-security/2017/02/28/7
Common Vulnerability Exposure (CVE) ID: CVE-2017-6346
BugTraq ID: 96508
http://www.securityfocus.com/bid/96508
http://www.openwall.com/lists/oss-security/2017/02/28/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-6347
BugTraq ID: 96487
http://www.securityfocus.com/bid/96487
http://www.openwall.com/lists/oss-security/2017/02/28/5
Common Vulnerability Exposure (CVE) ID: CVE-2017-6348
BugTraq ID: 96483
http://www.securityfocus.com/bid/96483
http://www.openwall.com/lists/oss-security/2017/02/28/4
Common Vulnerability Exposure (CVE) ID: CVE-2017-7374
BugTraq ID: 97308
http://www.securityfocus.com/bid/97308
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.