English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844134
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-4095-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4095-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4095-1 advisory.

Vulnerability Insight:
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in
the Linux kernel did not properly validate elliptic curve parameters during
Diffie-Hellman key exchange in some situations. An attacker could use this
to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors
incorrectly handle SWAPGS instructions during speculative execution. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2019-1125)

Jann Horn discovered that a race condition existed in the Linux kernel when
performing core dumps. A local attacker could use this to cause a denial of
service (system crash) or expose sensitive information. (CVE-2019-11599)

It was discovered that the PowerPC dlpar implementation in the Linux kernel
did not properly check for allocation errors in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-12614)

Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)

It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)

Affected Software/OS:
'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-5383
BugTraq ID: 104879
http://www.securityfocus.com/bid/104879
CERT/CC vulnerability note: VU#304725
https://www.kb.cert.org/vuls/id/304725
http://www.cs.technion.ac.il/~biham/BT/
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
RedHat Security Advisories: RHSA-2019:2169
https://access.redhat.com/errata/RHSA-2019:2169
http://www.securitytracker.com/id/1041432
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4095-2/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4351-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-10126
108817
http://www.securityfocus.com/bid/108817
20190618 [SECURITY] [DSA 4465-1] linux security update
https://seclists.org/bugtraq/2019/Jun/26
20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
https://seclists.org/bugtraq/2019/Jul/33
DSA-4465
https://www.debian.org/security/2019/dsa-4465
RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2020:0174
https://access.redhat.com/errata/RHSA-2020:0174
RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
USN-4093-1
https://usn.ubuntu.com/4093-1/
USN-4094-1
USN-4095-1
USN-4095-2
USN-4117-1
https://usn.ubuntu.com/4117-1/
USN-4118-1
[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
https://security.netapp.com/advisory/ntap-20190710-0002/
https://support.f5.com/csp/article/K95593121
openSUSE-SU-2019:1716
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
openSUSE-SU-2019:1757
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-1125
RHBA-2019:2824
https://access.redhat.com/errata/RHBA-2019:2824
RHBA-2019:3248
https://access.redhat.com/errata/RHBA-2019:3248
RHSA-2019:2600
https://access.redhat.com/errata/RHSA-2019:2600
RHSA-2019:2609
https://access.redhat.com/errata/RHSA-2019:2609
RHSA-2019:2695
https://access.redhat.com/errata/RHSA-2019:2695
RHSA-2019:2696
https://access.redhat.com/errata/RHSA-2019:2696
RHSA-2019:2730
https://access.redhat.com/errata/RHSA-2019:2730
RHSA-2019:2899
https://access.redhat.com/errata/RHSA-2019:2899
RHSA-2019:2900
https://access.redhat.com/errata/RHSA-2019:2900
RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RHSA-2019:3011
https://access.redhat.com/errata/RHSA-2019:3011
RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en
https://kc.mcafee.com/corporate/index?page=content&id=SB10297
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125
https://www.synology.com/security/advisory/Synology_SA_19_32
Common Vulnerability Exposure (CVE) ID: CVE-2019-11599
BugTraq ID: 108113
http://www.securityfocus.com/bid/108113
Bugtraq: 20190618 [SECURITY] [DSA 4465-1] linux security update (Google Search)
Bugtraq: 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01) (Google Search)
https://security.netapp.com/advisory/ntap-20190517-0002/
https://security.netapp.com/advisory/ntap-20200608-0001/
https://support.f5.com/csp/article/K51674118
https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS
Debian Security Information: DSA-4465 (Google Search)
https://www.exploit-db.com/exploits/46781/
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
http://www.openwall.com/lists/oss-security/2019/04/29/1
http://www.openwall.com/lists/oss-security/2019/04/29/2
http://www.openwall.com/lists/oss-security/2019/04/30/1
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0100
https://access.redhat.com/errata/RHSA-2020:0100
RedHat Security Advisories: RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0103
RedHat Security Advisories: RHSA-2020:0179
https://access.redhat.com/errata/RHSA-2020:0179
RedHat Security Advisories: RHSA-2020:0543
https://access.redhat.com/errata/RHSA-2020:0543
SuSE Security Announcement: openSUSE-SU-2019:1716 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1757 (Google Search)
https://usn.ubuntu.com/4069-1/
https://usn.ubuntu.com/4069-2/
https://usn.ubuntu.com/4115-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-12614
BugTraq ID: 108550
http://www.securityfocus.com/bid/108550
Bugtraq: 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) (Google Search)
https://seclists.org/bugtraq/2020/Jan/10
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607
https://lkml.org/lkml/2019/6/3/526
Common Vulnerability Exposure (CVE) ID: CVE-2019-13272
Bugtraq: 20190722 [SECURITY] [DSA 4484-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Jul/30
Debian Security Information: DSA-4484 (Google Search)
https://www.debian.org/security/2019/dsa-4484
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
RedHat Security Advisories: RHSA-2019:2405
https://access.redhat.com/errata/RHSA-2019:2405
RedHat Security Advisories: RHSA-2019:2411
https://access.redhat.com/errata/RHSA-2019:2411
RedHat Security Advisories: RHSA-2019:2809
https://access.redhat.com/errata/RHSA-2019:2809
Common Vulnerability Exposure (CVE) ID: CVE-2019-3846
FEDORA-2019-7ec378191e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
FEDORA-2019-f40bd7826f
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
RHSA-2019:2703
https://access.redhat.com/errata/RHSA-2019:2703
RHSA-2019:2741
https://access.redhat.com/errata/RHSA-2019:2741
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
https://seclists.org/oss-sec/2019/q2/133
openSUSE-SU-2019:1570
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
openSUSE-SU-2019:1571
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
openSUSE-SU-2019:1579
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9503
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
https://bugzilla.redhat.com/show_bug.cgi?id=1701842
https://bugzilla.suse.com/show_bug.cgi?id=1132828
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f
https://kb.cert.org/vuls/id/166939/
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html
https://security-tracker.debian.org/tracker/CVE-2019-9503
CopyrightCopyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.