English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843924
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3901-2)
Summary:The remote host is missing an update for the 'linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle' package(s) announced via the USN-3901-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle' package(s) announced via the USN-3901-2 advisory.

Vulnerability Insight:
USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Jann Horn discovered that the userfaultd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
use this possibly to modify files. (CVE-2018-18397)

It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)

Jann Horn discovered a race condition in the fork() system call in the
Linux kernel. A local attacker could use this to gain access to services
that cache authorizations. (CVE-2019-6133)

Affected Software/OS:
'linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-oracle' package(s) on Ubuntu 14.04, Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-18397
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2019:0163
https://access.redhat.com/errata/RHSA-2019:0163
RedHat Security Advisories: RHSA-2019:0202
https://access.redhat.com/errata/RHSA-2019:0202
RedHat Security Advisories: RHSA-2019:0324
https://access.redhat.com/errata/RHSA-2019:0324
RedHat Security Advisories: RHSA-2019:0831
https://access.redhat.com/errata/RHSA-2019:0831
https://usn.ubuntu.com/3901-1/
https://usn.ubuntu.com/3901-2/
https://usn.ubuntu.com/3903-1/
https://usn.ubuntu.com/3903-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-19854
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087
https://github.com/torvalds/linux/commit/f43f39958beb206b53292801e216d9b8a660f087
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
https://usn.ubuntu.com/3872-1/
https://usn.ubuntu.com/3878-1/
https://usn.ubuntu.com/3878-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-6133
BugTraq ID: 106537
http://www.securityfocus.com/bid/106537
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
RedHat Security Advisories: RHSA-2019:0230
https://access.redhat.com/errata/RHSA-2019:0230
RedHat Security Advisories: RHSA-2019:0420
https://access.redhat.com/errata/RHSA-2019:0420
RedHat Security Advisories: RHSA-2019:0832
https://access.redhat.com/errata/RHSA-2019:0832
RedHat Security Advisories: RHSA-2019:2699
https://access.redhat.com/errata/RHSA-2019:2699
RedHat Security Advisories: RHSA-2019:2978
https://access.redhat.com/errata/RHSA-2019:2978
SuSE Security Announcement: openSUSE-SU-2019:1914 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
https://usn.ubuntu.com/3908-1/
https://usn.ubuntu.com/3908-2/
https://usn.ubuntu.com/3910-1/
https://usn.ubuntu.com/3910-2/
https://usn.ubuntu.com/3934-1/
https://usn.ubuntu.com/3934-2/
CopyrightCopyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.