Test ID:	1.3.6.1.4.1.25623.1.0.843926
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3903-1)
Summary:	The remote host is missing an update for the 'linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2' package(s) announced via the USN-3903-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2' package(s) announced via the USN-3903-1 advisory. Vulnerability Insight: Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Affected Software/OS: 'linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2' package(s) on Ubuntu 18.10. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16880 106735 http://www.securityfocus.com/bid/106735 USN-3903-1 https://usn.ubuntu.com/3903-1/ USN-3903-2 https://usn.ubuntu.com/3903-2/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880 https://support.f5.com/csp/article/K03593314 openSUSE-SU-2019:1404 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html Common Vulnerability Exposure (CVE) ID: CVE-2018-18397 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 https://bugs.chromium.org/p/project-zero/issues/detail?id=1700 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7 https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1 RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0163 RedHat Security Advisories: RHSA-2019:0202 https://access.redhat.com/errata/RHSA-2019:0202 RedHat Security Advisories: RHSA-2019:0324 https://access.redhat.com/errata/RHSA-2019:0324 RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831 https://usn.ubuntu.com/3901-1/ https://usn.ubuntu.com/3901-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6133 BugTraq ID: 106537 http://www.securityfocus.com/bid/106537 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html RedHat Security Advisories: RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0230 RedHat Security Advisories: RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0420 RedHat Security Advisories: RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:0832 RedHat Security Advisories: RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2699 RedHat Security Advisories: RHSA-2019:2978 https://access.redhat.com/errata/RHSA-2019:2978 SuSE Security Announcement: openSUSE-SU-2019:1914 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html https://usn.ubuntu.com/3908-1/ https://usn.ubuntu.com/3908-2/ https://usn.ubuntu.com/3910-1/ https://usn.ubuntu.com/3910-2/ https://usn.ubuntu.com/3934-1/ https://usn.ubuntu.com/3934-2/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.