English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843535
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3656-1)
Summary:The remote host is missing an update for the 'linux-raspi2, linux-snapdragon' package(s) announced via the USN-3656-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-raspi2, linux-snapdragon' package(s) announced via the USN-3656-1 advisory.

Vulnerability Insight:
Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps contained user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Affected Software/OS:
'linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-17975
BugTraq ID: 102330
http://www.securityfocus.com/bid/102330
Debian Security Information: DSA-4188 (Google Search)
https://www.debian.org/security/2018/dsa-4188
http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
https://usn.ubuntu.com/3657-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-18193
BugTraq ID: 103147
http://www.securityfocus.com/bid/103147
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0
https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
Common Vulnerability Exposure (CVE) ID: CVE-2017-18222
BugTraq ID: 103349
http://www.securityfocus.com/bid/103349
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c
https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c
Common Vulnerability Exposure (CVE) ID: CVE-2018-1065
1040446
http://www.securitytracker.com/id/1040446
DSA-4188
RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
USN-3654-1
USN-3654-2
USN-3656-1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
http://lists.openwall.net/netdev/2018/01/27/46
http://patchwork.ozlabs.org/patch/870355/
https://bugzilla.redhat.com/show_bug.cgi?id=1547824
https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
Common Vulnerability Exposure (CVE) ID: CVE-2018-1068
BugTraq ID: 103459
http://www.securityfocus.com/bid/103459
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://marc.info/?l=linux-netdev&m=152023808817590&w=2
https://marc.info/?l=linux-netdev&m=152025888924151&w=2
RedHat Security Advisories: RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:2948
RedHat Security Advisories: RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1170
RedHat Security Advisories: RHSA-2019:1190
https://access.redhat.com/errata/RHSA-2019:1190
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
https://usn.ubuntu.com/3674-1/
https://usn.ubuntu.com/3674-2/
https://usn.ubuntu.com/3677-1/
https://usn.ubuntu.com/3677-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1130
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://marc.info/?l=linux-netdev&m=152036596825220&w=2
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5803
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
https://www.spinics.net/lists/linux-sctp/msg07036.html
https://www.spinics.net/lists/netdev/msg482523.html
RedHat Security Advisories: RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
https://secuniaresearch.flexerasoftware.com/advisories/81331/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7480
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258
https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258
Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
BugTraq ID: 103348
http://www.securityfocus.com/bid/103348
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
Common Vulnerability Exposure (CVE) ID: CVE-2018-7995
BugTraq ID: 103356
http://www.securityfocus.com/bid/103356
https://bugzilla.suse.com/show_bug.cgi?id=1084755
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf
https://lkml.org/lkml/2018/3/2/970
Common Vulnerability Exposure (CVE) ID: CVE-2018-8781
https://patchwork.freedesktop.org/patch/211845/
https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8822
BugTraq ID: 103476
http://www.securityfocus.com/bid/103476
http://www.openwall.com/lists/oss-security/2022/12/27/3
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.