Test ID: | 1.3.6.1.4.1.25623.1.0.844765 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-4680-1) |
Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4680-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4680-1 advisory.

Vulnerability Insight:

It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770)

It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135)

It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705)

Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675)

Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777)

Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974)

Affected Software/OS: 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-19770
https://bugzilla.kernel.org/show_bug.cgi?id=205713
https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
SuSE Security Announcement: openSUSE-SU-2020:0543
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-0423
https://source.android.com/security/bulletin/2020-10-01

Common Vulnerability Exposure (CVE) ID: CVE-2020-10135
CERT/CC vulnerability note: VU#647177
https://kb.cert.org/vuls/id/647177/
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
http://seclists.org/fulldisclosure/2020/Jun/5
http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
https://francozappa.github.io/about-bias/
SuSE Security Announcement: openSUSE-SU-2020:1153
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
SuSE Security Announcement: openSUSE-SU-2020:1236
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-25656
https://www.starwindsoftware.com/security/sw-20210325-0006/
https://bugzilla.redhat.com/show_bug.cgi?id=1888726
https://lkml.org/lkml/2020/10/16/84
https://lkml.org/lkml/2020/10/29/528
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-25668
https://bugzilla.redhat.com/show_bug.cgi?id=1893287
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220
https://www.openwall.com/lists/oss-security/2020/10/30/1
https://www.openwall.com/lists/oss-security/2020/11/04/3
http://www.openwall.com/lists/oss-security/2020/10/30/1
http://www.openwall.com/lists/oss-security/2020/11/04/3

Common Vulnerability Exposure (CVE) ID: CVE-2020-25705
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03

Common Vulnerability Exposure (CVE) ID: CVE-2020-27675
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6USZ4APZSBQDHGJLJMHW5JBN4QZV6SKZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZG6TZLD23QO3PV2AN2HB625ZX47ALTT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNF2R7FUT4IOJ2RIRGQ7X5R4F4FVVLSR/
https://security.gentoo.org/glsa/202011-06
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2
https://github.com/torvalds/linux/commit/073d0552ead5bfc7a3a9c01de590e924f11b5dd2
https://xenbits.xen.org/xsa/advisory-331.html
http://www.openwall.com/lists/oss-security/2021/01/19/3

Common Vulnerability Exposure (CVE) ID: CVE-2020-27777
https://bugzilla.redhat.com/show_bug.cgi?id=1900844
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764
https://www.openwall.com/lists/oss-security/2020/10/09/1
https://www.openwall.com/lists/oss-security/2020/11/23/2

Common Vulnerability Exposure (CVE) ID: CVE-2020-28974
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804
https://seclists.org/oss-sec/2020/q4/104
http://www.openwall.com/lists/oss-security/2020/11/25/1 |
Copyright | Copyright (C) 2021 Greenbone AG |