English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843861
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3847-3)
Summary:The remote host is missing an update for the 'linux-azure' package(s) announced via the USN-3847-3 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-azure' package(s) announced via the USN-3847-3 advisory.

Vulnerability Insight:
USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.

It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-10902)

It was discovered that an integer overrun vulnerability existed in the
POSIX timers implementation in the Linux kernel. A local attacker could use
this to cause a denial of service. (CVE-2018-12896)

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that the YUREX USB device driver for the Linux kernel did
not properly restrict user space reads or writes. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-16276)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-18445)

Kanda Motohiro discovered that writing extended attributes to an XFS file
system in the Linux kernel in certain situations could cause an error
condition to occur. A local attacker could use this to cause a denial of
service. (CVE-2018-18690)

It was discovered that an integer overflow vulnerability existed in the
CDROM driver of the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-18710)

Affected Software/OS:
'linux-azure' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-10902
1041529
http://www.securitytracker.com/id/1041529
105119
http://www.securityfocus.com/bid/105119
DSA-4308
https://www.debian.org/security/2018/dsa-4308
RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RHSA-2019:0415
https://access.redhat.com/errata/RHSA-2019:0415
RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
USN-3776-1
https://usn.ubuntu.com/3776-1/
USN-3776-2
https://usn.ubuntu.com/3776-2/
USN-3847-1
https://usn.ubuntu.com/3847-1/
USN-3847-2
https://usn.ubuntu.com/3847-2/
USN-3847-3
https://usn.ubuntu.com/3847-3/
USN-3849-1
https://usn.ubuntu.com/3849-1/
USN-3849-2
https://usn.ubuntu.com/3849-2/
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
Common Vulnerability Exposure (CVE) ID: CVE-2018-12896
https://bugzilla.kernel.org/show_bug.cgi?id=200189
https://github.com/lcytxw/bug_repro/tree/master/bug_200189
https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://usn.ubuntu.com/3848-1/
https://usn.ubuntu.com/3848-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-14734
Debian Security Information: DSA-4308 (Google Search)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8
https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8
RedHat Security Advisories: RHSA-2019:0831
https://access.redhat.com/errata/RHSA-2019:0831
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16276
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
https://bugzilla.suse.com/show_bug.cgi?id=1106095
https://bugzilla.suse.com/show_bug.cgi?id=1115593
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Common Vulnerability Exposure (CVE) ID: CVE-2018-18445
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681
https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13
https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
RedHat Security Advisories: RHSA-2019:0512
https://access.redhat.com/errata/RHSA-2019:0512
RedHat Security Advisories: RHSA-2019:0514
https://access.redhat.com/errata/RHSA-2019:0514
https://usn.ubuntu.com/3832-1/
https://usn.ubuntu.com/3835-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18690
BugTraq ID: 105753
http://www.securityfocus.com/bid/105753
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c
https://bugzilla.kernel.org/show_bug.cgi?id=199119
https://bugzilla.suse.com/show_bug.cgi?id=1105025
https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c
Common Vulnerability Exposure (CVE) ID: CVE-2018-18710
BugTraq ID: 106041
http://www.securityfocus.com/bid/106041
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://usn.ubuntu.com/3846-1/
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.