Test ID:	1.3.6.1.4.1.25623.1.0.843269
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3378-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3378-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3378-1 advisory. Vulnerability Insight: Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Affected Software/OS: 'linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-1000365 BugTraq ID: 99156 http://www.securityfocus.com/bid/99156 Debian Security Information: DSA-3927 (Google Search) http://www.debian.org/security/2017/dsa-3927 Debian Security Information: DSA-3945 (Google Search) http://www.debian.org/security/2017/dsa-3945 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Common Vulnerability Exposure (CVE) ID: CVE-2017-10810 BugTraq ID: 99433 http://www.securityfocus.com/bid/99433 Common Vulnerability Exposure (CVE) ID: CVE-2017-7482 BugTraq ID: 99299 http://www.securityfocus.com/bid/99299 https://www.debian.org/security/2017/dsa-3927 https://www.debian.org/security/2017/dsa-3945 http://seclists.org/oss-sec/2017/q2/602 RedHat Security Advisories: RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:0641 http://www.securitytracker.com/id/1038787 Common Vulnerability Exposure (CVE) ID: CVE-2017-7533 100123 http://www.securityfocus.com/bid/100123 1039075 http://www.securitytracker.com/id/1039075 DSA-3927 DSA-3945 RHSA-2017:2473 https://access.redhat.com/errata/RHSA-2017:2473 RHSA-2017:2585 https://access.redhat.com/errata/RHSA-2017:2585 RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669 RHSA-2017:2770 https://access.redhat.com/errata/RHSA-2017:2770 RHSA-2017:2869 https://access.redhat.com/errata/RHSA-2017:2869 [oss-security] 20190627 Re: linux-distros membership application - Microsoft http://www.openwall.com/lists/oss-security/2019/06/27/7 [oss-security] 20190628 Re: linux-distros membership application - Microsoft http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e http://openwall.com/lists/oss-security/2017/08/03/2 https://bugzilla.redhat.com/show_bug.cgi?id=1468283 https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e https://patchwork.kernel.org/patch/9755753/ https://patchwork.kernel.org/patch/9755757/ https://source.android.com/security/bulletin/2017-12-01 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.