Test ID:	1.3.6.1.4.1.25623.1.0.843923
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3901-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2' package(s) announced via the USN-3901-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2' package(s) announced via the USN-3901-1 advisory. Vulnerability Insight: Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Affected Software/OS: 'linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-18397 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7 https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1 RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0163 RedHat Security Advisories: RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0202 RedHat Security Advisories: RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0324 RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831 https://usn.ubuntu.com/3901-1/ https://usn.ubuntu.com/3901-2/ https://usn.ubuntu.com/3903-1/ https://usn.ubuntu.com/3903-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19854 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087 https://github.com/torvalds/linux/commit/f43f39958beb206b53292801e216d9b8a660f087 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3 RedHat Security Advisories: RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309 RedHat Security Advisories: RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517 https://usn.ubuntu.com/3872-1/ https://usn.ubuntu.com/3878-1/ https://usn.ubuntu.com/3878-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6133 BugTraq ID: 106537 http://www.securityfocus.com/bid/106537 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html RedHat Security Advisories: RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0230 RedHat Security Advisories: RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0420 RedHat Security Advisories: RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:0832 RedHat Security Advisories: RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2699 RedHat Security Advisories: RHSA-2019:2978 https://access.redhat.com/errata/RHSA-2019:2978 SuSE Security Announcement: openSUSE-SU-2019:1914 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html https://usn.ubuntu.com/3908-1/ https://usn.ubuntu.com/3908-2/ https://usn.ubuntu.com/3910-1/ https://usn.ubuntu.com/3910-2/ https://usn.ubuntu.com/3934-1/ https://usn.ubuntu.com/3934-2/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.