Test ID:	1.3.6.1.4.1.25623.1.0.843595
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3718-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem' package(s) announced via the USN-3718-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem' package(s) announced via the USN-3718-1 advisory. Vulnerability Insight: USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Affected Software/OS: 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1094 RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 USN-3695-1 https://usn.ubuntu.com/3695-1/ USN-3695-2 https://usn.ubuntu.com/3695-2/ http://openwall.com/lists/oss-security/2018/03/29/1 https://bugzilla.kernel.org/show_bug.cgi?id=199183 https://bugzilla.redhat.com/show_bug.cgi?id=1560788 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1 Common Vulnerability Exposure (CVE) ID: CVE-2018-10940 BugTraq ID: 104154 http://www.securityfocus.com/bid/104154 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html RedHat Security Advisories: RHSA-2018:2948 RedHat Security Advisories: RHSA-2018:3083 RedHat Security Advisories: RHSA-2018:3096 https://usn.ubuntu.com/3676-1/ https://usn.ubuntu.com/3676-2/ https://usn.ubuntu.com/3754-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1095 https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401 Common Vulnerability Exposure (CVE) ID: CVE-2018-1108 BugTraq ID: 104055 http://www.securityfocus.com/bid/104055 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108 Debian Security Information: DSA-4188 (Google Search) https://www.debian.org/security/2018/dsa-4188 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://usn.ubuntu.com/3718-1/ https://usn.ubuntu.com/3718-2/ https://usn.ubuntu.com/3752-1/ https://usn.ubuntu.com/3752-2/ https://usn.ubuntu.com/3752-3/ Common Vulnerability Exposure (CVE) ID: CVE-2018-11508 BugTraq ID: 104292 http://www.securityfocus.com/bid/104292 https://www.exploit-db.com/exploits/46208/ http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95 https://bugs.chromium.org/p/project-zero/issues/detail?id=1574 https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9 https://usn.ubuntu.com/3697-1/ https://usn.ubuntu.com/3697-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7755 Debian Security Information: DSA-4308 (Google Search) https://www.debian.org/security/2018/dsa-4308 https://lkml.org/lkml/2018/3/7/1116 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 https://usn.ubuntu.com/3696-1/ https://usn.ubuntu.com/3696-2/ https://usn.ubuntu.com/3698-1/ https://usn.ubuntu.com/3698-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.