English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844158
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-4117-1)
Summary:The remote host is missing an update for the 'linux-aws' package(s) announced via the USN-4117-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-aws' package(s) announced via the USN-4117-1 advisory.

Vulnerability Insight:
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not
sufficiently randomize IP ID values generated for connectionless networking
protocols. A remote attacker could use this to track particular Linux
devices. (CVE-2019-10638)

It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel
when accessing LDT entries in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)

It was discovered that the floppy driver in the Linux kernel did not
properly validate meta data, leading to a buffer overread. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not
properly validate ioctl() calls, leading to a division-by-zero. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-14284)

It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)

Jason Wang discovered that an infinite loop vulnerability existed in the
virtio net driver in the Linux kernel. A local attacker in a guest VM could
possibly use this to cause a denial of service in the host system.
(CVE-2019-3900)

Affected Software/OS:
'linux-aws' package(s) on Ubuntu 19.04.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-10126
108817
http://www.securityfocus.com/bid/108817
20190618 [SECURITY] [DSA 4465-1] linux security update
https://seclists.org/bugtraq/2019/Jun/26
20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
https://seclists.org/bugtraq/2019/Jul/33
DSA-4465
https://www.debian.org/security/2019/dsa-4465
RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2020:0174
https://access.redhat.com/errata/RHSA-2020:0174
RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
USN-4093-1
https://usn.ubuntu.com/4093-1/
USN-4094-1
https://usn.ubuntu.com/4094-1/
USN-4095-1
https://usn.ubuntu.com/4095-1/
USN-4095-2
https://usn.ubuntu.com/4095-2/
USN-4117-1
https://usn.ubuntu.com/4117-1/
USN-4118-1
https://usn.ubuntu.com/4118-1/
[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
https://security.netapp.com/advisory/ntap-20190710-0002/
https://support.f5.com/csp/article/K95593121
openSUSE-SU-2019:1716
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
openSUSE-SU-2019:1757
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-10638
BugTraq ID: 109092
http://www.securityfocus.com/bid/109092
Bugtraq: 20190812 [SECURITY] [DSA 4495-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/13
Bugtraq: 20190813 [SECURITY] [DSA 4497-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/18
Bugtraq: 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) (Google Search)
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20190806-0001/
Debian Security Information: DSA-4495 (Google Search)
https://www.debian.org/security/2019/dsa-4495
Debian Security Information: DSA-4497 (Google Search)
https://www.debian.org/security/2019/dsa-4497
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://arxiv.org/pdf/1906.10478.pdf
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702
https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92
https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b
https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
RedHat Security Advisories: RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
SuSE Security Announcement: openSUSE-SU-2019:1716 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1757 (Google Search)
https://usn.ubuntu.com/4114-1/
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4116-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-12984
BugTraq ID: 108905
http://www.securityfocus.com/bid/108905
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13
https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51
Common Vulnerability Exposure (CVE) ID: CVE-2019-13233
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323
https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323
Common Vulnerability Exposure (CVE) ID: CVE-2019-13272
Bugtraq: 20190722 [SECURITY] [DSA 4484-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Jul/30
Bugtraq: 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01) (Google Search)
Debian Security Information: DSA-4484 (Google Search)
https://www.debian.org/security/2019/dsa-4484
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
RedHat Security Advisories: RHSA-2019:2405
https://access.redhat.com/errata/RHSA-2019:2405
RedHat Security Advisories: RHSA-2019:2411
https://access.redhat.com/errata/RHSA-2019:2411
RedHat Security Advisories: RHSA-2019:2809
https://access.redhat.com/errata/RHSA-2019:2809
Common Vulnerability Exposure (CVE) ID: CVE-2019-14283
Bugtraq: 20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01) (Google Search)
https://seclists.org/bugtraq/2019/Aug/26
http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6
https://github.com/torvalds/linux/commit/da99466ac243f15fbba65bd261bfc75ffa1532b6
SuSE Security Announcement: openSUSE-SU-2019:1923 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html
SuSE Security Announcement: openSUSE-SU-2019:1924 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-14284
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3554aeb991214cbfafd17d55e2bfddb50282e32
https://github.com/torvalds/linux/commit/f3554aeb991214cbfafd17d55e2bfddb50282e32
Common Vulnerability Exposure (CVE) ID: CVE-2019-3846
FEDORA-2019-7ec378191e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
FEDORA-2019-f40bd7826f
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
RHSA-2019:2703
https://access.redhat.com/errata/RHSA-2019:2703
RHSA-2019:2741
https://access.redhat.com/errata/RHSA-2019:2741
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
https://seclists.org/oss-sec/2019/q2/133
openSUSE-SU-2019:1570
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
openSUSE-SU-2019:1571
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
openSUSE-SU-2019:1579
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-3900
108076
http://www.securityfocus.com/bid/108076
20190813 [SECURITY] [DSA 4497-1] linux security update
20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
DSA-4497
FEDORA-2019-8219efa9f6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
FEDORA-2019-87d807d7cb
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
FEDORA-2019-a6cd583a8d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
RHSA-2019:1973
https://access.redhat.com/errata/RHSA-2019:1973
RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RHSA-2019:3836
https://access.redhat.com/errata/RHSA-2019:3836
RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2019:4058
USN-4114-1
USN-4115-1
USN-4116-1
[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
https://security.netapp.com/advisory/ntap-20190517-0005/
https://www.spinics.net/lists/kernel/msg3111012.html
CopyrightCopyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.