Test ID:	1.3.6.1.4.1.25623.1.0.843273
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3381-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-3381-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-3381-1 advisory. Vulnerability Insight: Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482) Affected Software/OS: 'linux' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8405 BugTraq ID: 94686 http://www.securityfocus.com/bid/94686 Debian Security Information: DSA-3791 (Google Search) http://www.debian.org/security/2017/dsa-3791 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000365 BugTraq ID: 99156 http://www.securityfocus.com/bid/99156 Debian Security Information: DSA-3927 (Google Search) http://www.debian.org/security/2017/dsa-3927 Debian Security Information: DSA-3945 (Google Search) http://www.debian.org/security/2017/dsa-3945 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Common Vulnerability Exposure (CVE) ID: CVE-2017-2618 96272 http://www.securityfocus.com/bid/96272 DSA-3791 https://www.debian.org/security/2017/dsa-3791 RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0931 RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0932 RHSA-2017:0933 https://access.redhat.com/errata/RHSA-2017:0933 [selinux] 20170131 [PATCH] selinux: fix off-by-one in setprocattr https://marc.info/?l=selinux&m=148588165923772&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125 Common Vulnerability Exposure (CVE) ID: CVE-2017-7482 BugTraq ID: 99299 http://www.securityfocus.com/bid/99299 https://www.debian.org/security/2017/dsa-3927 https://www.debian.org/security/2017/dsa-3945 http://seclists.org/oss-sec/2017/q2/602 RedHat Security Advisories: RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:0641 http://www.securitytracker.com/id/1038787
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.