Test ID:	1.3.6.1.4.1.25623.1.0.843822
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3821-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3821-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3821-1 advisory. Vulnerability Insight: Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Affected Software/OS: 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10880 104907 http://www.securityfocus.com/bid/104907 106503 http://www.securityfocus.com/bid/106503 RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 USN-3821-1 https://usn.ubuntu.com/3821-1/ USN-3821-2 https://usn.ubuntu.com/3821-2/ USN-3871-1 https://usn.ubuntu.com/3871-1/ USN-3871-3 https://usn.ubuntu.com/3871-3/ USN-3871-4 https://usn.ubuntu.com/3871-4/ USN-3871-5 https://usn.ubuntu.com/3871-5/ [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html http://patchwork.ozlabs.org/patch/930639/ https://bugzilla.kernel.org/show_bug.cgi?id=200005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226 Common Vulnerability Exposure (CVE) ID: CVE-2018-13053 BugTraq ID: 104671 http://www.securityfocus.com/bid/104671 https://bugzilla.kernel.org/show_bug.cgi?id=200303 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831 RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 https://usn.ubuntu.com/4094-1/ https://usn.ubuntu.com/4118-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-13096 Bugtraq: 20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01) (Google Search) https://seclists.org/bugtraq/2019/Jan/52 http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.kernel.org/show_bug.cgi?id=200167 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3 SuSE Security Announcement: openSUSE-SU-2018:3202 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html Common Vulnerability Exposure (CVE) ID: CVE-2018-14609 BugTraq ID: 104917 http://www.securityfocus.com/bid/104917 Debian Security Information: DSA-4308 (Google Search) https://www.debian.org/security/2018/dsa-4308 https://bugzilla.kernel.org/show_bug.cgi?id=199833 https://patchwork.kernel.org/patch/10500521/ https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2018-14617 https://bugzilla.kernel.org/show_bug.cgi?id=200297 https://www.spinics.net/lists/linux-fsdevel/msg130021.html Common Vulnerability Exposure (CVE) ID: CVE-2018-17972 BugTraq ID: 105525 http://www.securityfocus.com/bid/105525 https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2 RedHat Security Advisories: RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0512 RedHat Security Advisories: RHSA-2019:0514 https://access.redhat.com/errata/RHSA-2019:0514 RedHat Security Advisories: RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473 SuSE Security Announcement: openSUSE-SU-2019:1407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://usn.ubuntu.com/3832-1/ https://usn.ubuntu.com/3835-1/ https://usn.ubuntu.com/3880-1/ https://usn.ubuntu.com/3880-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18021 BugTraq ID: 105550 http://www.securityfocus.com/bid/105550 Debian Security Information: DSA-4313 (Google Search) https://www.debian.org/security/2018/dsa-4313 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25a9d19b5976b319af528886f89cf455692d https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12 https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d3279 https://github.com/torvalds/linux/commit/d26c25a9d19b5976b319af528886f89cf455692d https://www.openwall.com/lists/oss-security/2018/10/02/2 RedHat Security Advisories: RHSA-2018:3656 https://access.redhat.com/errata/RHSA-2018:3656 https://usn.ubuntu.com/3931-1/ https://usn.ubuntu.com/3931-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.