 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.844758 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-4659-2) |
| Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi' package(s) announced via the USN-4659-2 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi' package(s) announced via the USN-4659-2 advisory. Vulnerability Insight: USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). (CVE-2020-27152) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Affected Software/OS: 'linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi' package(s) on Ubuntu 20.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-0423 https://source.android.com/security/bulletin/2020-10-01 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2020-10135 CERT/CC vulnerability note: VU#647177 https://kb.cert.org/vuls/id/647177/ https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/ http://seclists.org/fulldisclosure/2020/Jun/5 http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html https://francozappa.github.io/about-bias/ SuSE Security Announcement: openSUSE-SU-2020:1153 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html SuSE Security Announcement: openSUSE-SU-2020:1236 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html Common Vulnerability Exposure (CVE) ID: CVE-2020-14351 https://bugzilla.redhat.com/show_bug.cgi?id=1862849 https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2020-25705 https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03 Common Vulnerability Exposure (CVE) ID: CVE-2020-27152 https://bugzilla.kernel.org/show_bug.cgi?id=208767 http://www.openwall.com/lists/oss-security/2020/11/03/1 Common Vulnerability Exposure (CVE) ID: CVE-2020-28915 https://bugzilla.suse.com/show_bug.cgi?id=1178886 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af08640795b2b9a940c9266c0260455377ae262 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16 https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd Common Vulnerability Exposure (CVE) ID: CVE-2020-4788 https://www.ibm.com/support/pages/node/6370729 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/ https://www.oracle.com/security-alerts/cpujul2022.html http://www.openwall.com/lists/oss-security/2020/11/20/3 http://www.openwall.com/lists/oss-security/2020/11/23/1 XForce ISS Database: ibm-i-cve20204788-info-disc (189296) https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 |
| Copyright | Copyright (C) 2020 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |