English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843856
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3847-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2' package(s) announced via the USN-3847-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2' package(s) announced via the USN-3847-1 advisory.

Vulnerability Insight:
It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-10902)

It was discovered that an integer overrun vulnerability existed in the
POSIX timers implementation in the Linux kernel. A local attacker could use
this to cause a denial of service. (CVE-2018-12896)

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that the YUREX USB device driver for the Linux kernel did
not properly restrict user space reads or writes. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-16276)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-18445)

Kanda Motohiro discovered that writing extended attributes to an XFS file
system in the Linux kernel in certain situations could cause an error
condition to occur. A local attacker could use this to cause a denial of
service. (CVE-2018-18690)

It was discovered that an integer overflow vulnerability existed in the
CDROM driver of the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-18710)

Affected Software/OS:
'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2' package(s) on Ubuntu 18.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-10902
1041529
http://www.securitytracker.com/id/1041529
105119
http://www.securityfocus.com/bid/105119
DSA-4308
https://www.debian.org/security/2018/dsa-4308
RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RHSA-2019:0415
https://access.redhat.com/errata/RHSA-2019:0415
RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
USN-3776-1
https://usn.ubuntu.com/3776-1/
USN-3776-2
https://usn.ubuntu.com/3776-2/
USN-3847-1
https://usn.ubuntu.com/3847-1/
USN-3847-2
https://usn.ubuntu.com/3847-2/
USN-3847-3
https://usn.ubuntu.com/3847-3/
USN-3849-1
https://usn.ubuntu.com/3849-1/
USN-3849-2
https://usn.ubuntu.com/3849-2/
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
Common Vulnerability Exposure (CVE) ID: CVE-2018-12896
https://bugzilla.kernel.org/show_bug.cgi?id=200189
https://github.com/lcytxw/bug_repro/tree/master/bug_200189
https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://usn.ubuntu.com/3848-1/
https://usn.ubuntu.com/3848-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-14734
Debian Security Information: DSA-4308 (Google Search)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8
https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8
RedHat Security Advisories: RHSA-2019:0831
https://access.redhat.com/errata/RHSA-2019:0831
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16276
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
https://bugzilla.suse.com/show_bug.cgi?id=1106095
https://bugzilla.suse.com/show_bug.cgi?id=1115593
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Common Vulnerability Exposure (CVE) ID: CVE-2018-18445
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681
https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13
https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
RedHat Security Advisories: RHSA-2019:0512
https://access.redhat.com/errata/RHSA-2019:0512
RedHat Security Advisories: RHSA-2019:0514
https://access.redhat.com/errata/RHSA-2019:0514
https://usn.ubuntu.com/3832-1/
https://usn.ubuntu.com/3835-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18690
BugTraq ID: 105753
http://www.securityfocus.com/bid/105753
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c
https://bugzilla.kernel.org/show_bug.cgi?id=199119
https://bugzilla.suse.com/show_bug.cgi?id=1105025
https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c
Common Vulnerability Exposure (CVE) ID: CVE-2018-18710
BugTraq ID: 106041
http://www.securityfocus.com/bid/106041
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://usn.ubuntu.com/3846-1/
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.