
Test ID: 1.3.6.1.4.1.25623.1.0.871855
Category: Red Hat Local Security Checks
Title: RedHat Update for kernel RHSA-2017:1842-01
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)

* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-7970
BugTraq ID: 70319
http://www.securityfocus.com/bid/70319
http://www.spinics.net/lists/linux-fsdevel/msg79153.html
http://www.openwall.com/lists/oss-security/2014/10/08/21
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
http://www.securitytracker.com/id/1030991
http://secunia.com/advisories/60174
http://secunia.com/advisories/61142
SuSE Security Announcement: SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://www.ubuntu.com/usn/USN-2419-1
http://www.ubuntu.com/usn/USN-2420-1
http://www.ubuntu.com/usn/USN-2513-1
http://www.ubuntu.com/usn/USN-2514-1
XForce ISS Database: linux-kernel-cve20147970-dos(96921)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96921
Common Vulnerability Exposure (CVE) ID: CVE-2014-7975
BugTraq ID: 70314
http://www.securityfocus.com/bid/70314
http://www.openwall.com/lists/oss-security/2014/10/08/22
http://thread.gmane.org/gmane.linux.kernel.stable/109312
http://www.securitytracker.com/id/1031180
http://secunia.com/advisories/61145
http://secunia.com/advisories/62633
http://secunia.com/advisories/62634
http://www.ubuntu.com/usn/USN-2415-1
http://www.ubuntu.com/usn/USN-2416-1
http://www.ubuntu.com/usn/USN-2417-1
http://www.ubuntu.com/usn/USN-2418-1
http://www.ubuntu.com/usn/USN-2421-1
XForce ISS Database: linux-kernel-cve20147975-dos(96994)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96994
Common Vulnerability Exposure (CVE) ID: CVE-2015-8839
BugTraq ID: 85798
http://www.securityfocus.com/bid/85798
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
http://www.openwall.com/lists/oss-security/2016/04/01/4
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
http://www.securitytracker.com/id/1035455
http://www.ubuntu.com/usn/USN-3005-1
http://www.ubuntu.com/usn/USN-3006-1
http://www.ubuntu.com/usn/USN-3007-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8970
BugTraq ID: 94217
http://www.securityfocus.com/bid/94217
http://www.openwall.com/lists/oss-security/2016/11/04/3
RedHat Security Advisories: RHSA-2017:2437
https://access.redhat.com/errata/RHSA-2017:2437
RedHat Security Advisories: RHSA-2017:2444
https://access.redhat.com/errata/RHSA-2017:2444
Common Vulnerability Exposure (CVE) ID: CVE-2016-6213
BugTraq ID: 91754
http://www.securityfocus.com/bid/91754
http://www.openwall.com/lists/oss-security/2016/07/13/8
Common Vulnerability Exposure (CVE) ID: CVE-2016-7042
BugTraq ID: 93544
http://www.securityfocus.com/bid/93544
http://www.openwall.com/lists/oss-security/2016/10/13/5
RedHat Security Advisories: RHSA-2017:0817
http://rhn.redhat.com/errata/RHSA-2017-0817.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7097
BugTraq ID: 92659
http://www.securityfocus.com/bid/92659
http://www.spinics.net/lists/linux-fsdevel/msg98328.html
http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
http://www.openwall.com/lists/oss-security/2016/08/26/3
http://www.securitytracker.com/id/1038201
http://www.ubuntu.com/usn/USN-3146-1
http://www.ubuntu.com/usn/USN-3146-2
http://www.ubuntu.com/usn/USN-3147-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-8645
BugTraq ID: 94264
http://www.securityfocus.com/bid/94264
http://www.openwall.com/lists/oss-security/2016/11/11/3
http://www.openwall.com/lists/oss-security/2016/11/30/3
http://www.securitytracker.com/id/1037285
Common Vulnerability Exposure (CVE) ID: CVE-2016-9576
BugTraq ID: 94821
http://www.securityfocus.com/bid/94821
http://www.openwall.com/lists/oss-security/2016/12/08/19
SuSE Security Announcement: SUSE-SU-2016:3146
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html
SuSE Security Announcement: SUSE-SU-2016:3188
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html
SuSE Security Announcement: SUSE-SU-2016:3203
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html
SuSE Security Announcement: SUSE-SU-2016:3217
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html
SuSE Security Announcement: SUSE-SU-2016:3248
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html
SuSE Security Announcement: SUSE-SU-2016:3252
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html
SuSE Security Announcement: openSUSE-SU-2016:3085
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html
SuSE Security Announcement: openSUSE-SU-2016:3086
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:3118
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9588
BugTraq ID: 94933
http://www.securityfocus.com/bid/94933
Debian Security Information: DSA-3804
http://www.debian.org/security/2017/dsa-3804
http://www.openwall.com/lists/oss-security/2016/12/15/3
https://usn.ubuntu.com/3822-1/
https://usn.ubuntu.com/3822-2/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9604
BugTraq ID: 102135
http://www.securityfocus.com/bid/102135
Common Vulnerability Exposure (CVE) ID: CVE-2016-9685
BugTraq ID: 94593
http://www.securityfocus.com/bid/94593
http://www.openwall.com/lists/oss-security/2016/11/30/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9806
BugTraq ID: 94653
http://www.securityfocus.com/bid/94653
http://lists.openwall.net/netdev/2016/05/15/69
http://www.openwall.com/lists/oss-security/2016/12/03/4
http://www.securitytracker.com/id/1037968
Common Vulnerability Exposure (CVE) ID: CVE-2017-2596
BugTraq ID: 95878
http://www.securityfocus.com/bid/95878
Debian Security Information: DSA-3791
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/01/31/4
Common Vulnerability Exposure (CVE) ID: CVE-2017-2647
BugTraq ID: 97258
http://www.securityfocus.com/bid/97258
https://usn.ubuntu.com/3849-1/
https://usn.ubuntu.com/3849-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2671
BugTraq ID: 97407
http://www.securityfocus.com/bid/97407
https://www.exploit-db.com/exploits/42135/
https://github.com/danieljiang0415/android_kernel_crash_poc
https://twitter.com/danieljiang0415/status/845116665184497664
http://openwall.com/lists/oss-security/2017/04/04/8
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5970
BugTraq ID: 96233
http://www.securityfocus.com/bid/96233
http://www.openwall.com/lists/oss-security/2017/02/12/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-6001
BugTraq ID: 96264
http://www.securityfocus.com/bid/96264
http://www.openwall.com/lists/oss-security/2017/02/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2017-6951
BugTraq ID: 96943
http://www.securityfocus.com/bid/96943
http://www.spinics.net/lists/keyrings/msg01845.html
http://www.spinics.net/lists/keyrings/msg01846.html
http://www.spinics.net/lists/keyrings/msg01849.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7187
BugTraq ID: 96989
http://www.securityfocus.com/bid/96989
https://gist.github.com/dvyukov/48ad14e84de45b0be92b7f0eda20ff1b
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.11/scsi-fixes&id=bf33f87dd04c371ea33feb821b60d63d754e3124
http://www.securitytracker.com/id/1038086
Common Vulnerability Exposure (CVE) ID: CVE-2017-7616
BugTraq ID: 97527
http://www.securityfocus.com/bid/97527
http://www.securitytracker.com/id/1038503
Common Vulnerability Exposure (CVE) ID: CVE-2017-7889
BugTraq ID: 97690
http://www.securityfocus.com/bid/97690
Debian Security Information: DSA-3945
http://www.debian.org/security/2017/dsa-3945
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94
http://www.openwall.com/lists/oss-security/2017/04/16/4
https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8797
BugTraq ID: 99298
http://www.securityfocus.com/bid/99298
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3
http://www.openwall.com/lists/oss-security/2017/06/27/5
https://bugzilla.redhat.com/show_bug.cgi?id=1466329
https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5
https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79
http://www.securitytracker.com/id/1038790
Common Vulnerability Exposure (CVE) ID: CVE-2017-8890
BugTraq ID: 98562
http://www.securityfocus.com/bid/98562
Debian Security Information: DSA-3886
http://www.debian.org/security/2017/dsa-3886
Common Vulnerability Exposure (CVE) ID: CVE-2017-9074
BugTraq ID: 98577
http://www.securityfocus.com/bid/98577
RedHat Security Advisories: RHSA-2018:0169
https://access.redhat.com/errata/RHSA-2018:0169
Common Vulnerability Exposure (CVE) ID: CVE-2017-9075
BugTraq ID: 98597
http://www.securityfocus.com/bid/98597
Common Vulnerability Exposure (CVE) ID: CVE-2017-9076
BugTraq ID: 98586
http://www.securityfocus.com/bid/98586
Common Vulnerability Exposure (CVE) ID: CVE-2017-9077
BugTraq ID: 98583
http://www.securityfocus.com/bid/98583
Common Vulnerability Exposure (CVE) ID: CVE-2017-9242
BugTraq ID: 98731
http://www.securityfocus.com/bid/98731
Copyright: Copyright (C) 2017 Greenbone Networks GmbH





© 1998-2021 E-Soft Inc. All rights reserved.