English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844647
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-4578-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4578-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4578-1 advisory.

Vulnerability Insight:
Hadar Manor discovered that the DCCP protocol implementation in the Linux
kernel improperly handled socket reuse, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-16119)

Wen Xu discovered that the XFS file system in the Linux kernel did not
properly validate inode metadata in some situations. An attacker could use
this to construct a malicious XFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2018-10322)

It was discovered that the btrfs file system in the Linux kernel contained
a use-after-free vulnerability when merging free space. An attacker could
use this to construct a malicious btrfs image that, when mounted and
operated on, could cause a denial of service (system crash).
(CVE-2019-19448)

Jay Shin discovered that the ext4 file system implementation in the Linux
kernel did not properly handle directory access with broken indexing,
leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2020-14314)

Giuseppe Scrivano discovered that the overlay file system in the Linux
kernel did not properly perform permission checks in some situations. A
local attacker could possibly use this to bypass intended restrictions and
gain read access to restricted files. (CVE-2020-16120)

It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

It was discovered that the NFC implementation in the Linux kernel did not
properly perform permissions checks when opening raw sockets. A local
attacker could use this to create or listen to NFC traffic.
(CVE-2020-26088)

Affected Software/OS:
'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-10322
BugTraq ID: 103960
http://www.securityfocus.com/bid/103960
https://bugzilla.kernel.org/show_bug.cgi?id=199377
https://www.spinics.net/lists/linux-xfs/msg17215.html
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/4578-1/
https://usn.ubuntu.com/4579-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-19448
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-14314
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314
https://www.starwindsoftware.com/security/sw-20210325-0003/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1
https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u
https://usn.ubuntu.com/4576-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-16119
https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Debian Security Information: DSA-4978 (Google Search)
https://www.debian.org/security/2021/dsa-4978
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695
https://launchpad.net/bugs/1883840
https://ubuntu.com/USN-4576-1
https://ubuntu.com/USN-4577-1
https://ubuntu.com/USN-4578-1
https://ubuntu.com/USN-4579-1
https://ubuntu.com/USN-4580-1
Common Vulnerability Exposure (CVE) ID: CVE-2020-16120
https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8
https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f
https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d
https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84
https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52
https://www.openwall.com/lists/oss-security/2020/10/14/2
https://launchpad.net/bugs/1894980
https://launchpad.net/bugs/1900141
Common Vulnerability Exposure (CVE) ID: CVE-2020-25212
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21
https://twitter.com/grsecurity/status/1303370421958578179
SuSE Security Announcement: openSUSE-SU-2020:1655 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
SuSE Security Announcement: openSUSE-SU-2020:1682 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html
SuSE Security Announcement: openSUSE-SU-2020:1698 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html
https://usn.ubuntu.com/4525-1/
https://usn.ubuntu.com/4527-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-26088
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041
SuSE Security Announcement: openSUSE-SU-2020:1586 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
CopyrightCopyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.