English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843646
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3776-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3776-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3776-1 advisory.

Vulnerability Insight:
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)

It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)

It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
unauthorized memory reads via sidechannel attacks. An attacker could use
this to expose sensitive information. (CVE-2018-15572)

It was discovered that a NULL pointer dereference could be triggered in the
OCFS2 file system implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18216)

It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-10902)

It was discovered that a stack-based buffer overflow existed in the iSCSI
target implementation of the Linux kernel. A remote attacker could use this
to cause a denial of service (system crash). (CVE-2018-14633)

It was discovered that the YUREX USB device driver for the Linux kernel did
not properly restrict user space reads or writes. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-16276)

It was discovered that a memory leak existed in the IRDA subsystem of the
Linux kernel. A local attacker could use this to cause a denial of service
(kernel memory exhaustion). (CVE-2018-6554)

It was discovered that a use-after-free vulnerability existed in the IRDA
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-6555)

Affected Software/OS:
'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-18216
BugTraq ID: 103278
http://www.securityfocus.com/bid/103278
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
Debian Security Information: DSA-4188 (Google Search)
https://www.debian.org/security/2018/dsa-4188
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=853bc26a7ea39e354b9f8889ae7ad1492ffa28d2
https://github.com/torvalds/linux/commit/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3798-1/
https://usn.ubuntu.com/3798-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10902
1041529
http://www.securitytracker.com/id/1041529
105119
http://www.securityfocus.com/bid/105119
DSA-4308
https://www.debian.org/security/2018/dsa-4308
RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RHSA-2019:0415
https://access.redhat.com/errata/RHSA-2019:0415
RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
USN-3776-1
USN-3776-2
USN-3847-1
https://usn.ubuntu.com/3847-1/
USN-3847-2
https://usn.ubuntu.com/3847-2/
USN-3847-3
https://usn.ubuntu.com/3847-3/
USN-3849-1
https://usn.ubuntu.com/3849-1/
USN-3849-2
https://usn.ubuntu.com/3849-2/
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
Common Vulnerability Exposure (CVE) ID: CVE-2018-14633
105388
http://www.securityfocus.com/bid/105388
RHSA-2018:3651
https://access.redhat.com/errata/RHSA-2018:3651
RHSA-2018:3666
https://access.redhat.com/errata/RHSA-2018:3666
RHSA-2019:1946
https://access.redhat.com/errata/RHSA-2019:1946
USN-3775-1
https://usn.ubuntu.com/3775-1/
USN-3775-2
https://usn.ubuntu.com/3775-2/
USN-3777-1
https://usn.ubuntu.com/3777-1/
USN-3777-2
https://usn.ubuntu.com/3777-2/
USN-3777-3
https://usn.ubuntu.com/3777-3/
USN-3779-1
https://usn.ubuntu.com/3779-1/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe
https://seclists.org/oss-sec/2018/q3/270
Common Vulnerability Exposure (CVE) ID: CVE-2018-15572
Debian Security Information: DSA-4308 (Google Search)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1
https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346
Common Vulnerability Exposure (CVE) ID: CVE-2018-15594
BugTraq ID: 105120
http://www.securityfocus.com/bid/105120
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd
https://github.com/torvalds/linux/commit/5800dc5c19f34e6e03b5adab1282535cb102fafd
https://twitter.com/grsecurity/status/1029324426142199808
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
http://www.securitytracker.com/id/1041601
SuSE Security Announcement: openSUSE-SU-2019:1407 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-16276
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
https://bugzilla.suse.com/show_bug.cgi?id=1106095
https://bugzilla.suse.com/show_bug.cgi?id=1115593
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Common Vulnerability Exposure (CVE) ID: CVE-2018-17182
BugTraq ID: 105417
http://www.securityfocus.com/bid/105417
BugTraq ID: 106503
http://www.securityfocus.com/bid/106503
https://www.exploit-db.com/exploits/45497/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
https://www.openwall.com/lists/oss-security/2018/09/18/4
RedHat Security Advisories: RHSA-2018:3656
https://access.redhat.com/errata/RHSA-2018:3656
http://www.securitytracker.com/id/1041748
Common Vulnerability Exposure (CVE) ID: CVE-2018-6554
BugTraq ID: 105302
http://www.securityfocus.com/bid/105302
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://www.spinics.net/lists/stable/msg255030.html
https://www.spinics.net/lists/stable/msg255034.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-6555
BugTraq ID: 105304
http://www.securityfocus.com/bid/105304
https://www.spinics.net/lists/stable/msg255031.html
https://www.spinics.net/lists/stable/msg255035.html
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.