Test ID: 1.3.6.1.4.1.25623.1.0.891392
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-1392-1)
Summary: The remote host is missing an update for the Debian 'linux' package(s) announced via the DLA-1392-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

CVE-2018-1093

Wen Xu reported that a crafted ext4 filesystem image could trigger an out-of-bounds read in the ext4_valid_block_bitmap() function. A local user able to mount arbitrary filesystems could use this for denial of service.

CVE-2018-1130

The syzbot software found that the DCCP implementation of sendmsg() does not check the socket state, potentially leading to a null pointer dereference. A local user could use this to cause a denial of service (crash).

CVE-2018-8897

Nick Peterson of Everdox Tech LLC discovered that #DB exceptions that are deferred by MOV SS or POP SS are not properly handled, allowing an unprivileged user to crash the kernel and cause a denial of service.

CVE-2018-10940

Dan Carpenter reported that the cdrom driver does not correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A user with access to a cdrom device could use this to cause a denial of service (crash).

For Debian 7 Wheezy, these problems have been fixed in version 3.2.102-1. This version also includes bug fixes from upstream version 3.2.102, including a fix for a regression in the SCTP implementation in version 3.2.101.

We recommend that you upgrade your linux packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'linux' package(s) on Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-1093
DSA-4188
https://www.debian.org/security/2018/dsa-4188
USN-3676-1
https://usn.ubuntu.com/3676-1/
USN-3676-2
https://usn.ubuntu.com/3676-2/
USN-3752-1
https://usn.ubuntu.com/3752-1/
USN-3752-2
https://usn.ubuntu.com/3752-2/
USN-3752-3
https://usn.ubuntu.com/3752-3/
USN-3754-1
https://usn.ubuntu.com/3754-1/
[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
http://openwall.com/lists/oss-security/2018/03/29/1
https://bugzilla.kernel.org/show_bug.cgi?id=199181
https://bugzilla.redhat.com/show_bug.cgi?id=1560782
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
Common Vulnerability Exposure (CVE) ID: CVE-2018-10940
BugTraq ID: 104154
http://www.securityfocus.com/bid/104154
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3695-1/
https://usn.ubuntu.com/3695-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1130
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94
https://marc.info/?l=linux-netdev&m=152036596825220&w=2
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-1/
https://usn.ubuntu.com/3698-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
http://www.securityfocus.com/bid/104071
CERT/CC vulnerability note: VU#631579
https://www.kb.cert.org/vuls/id/631579
Debian Security Information: DSA-4196
https://www.debian.org/security/2018/dsa-4196
Debian Security Information: DSA-4201
https://www.debian.org/security/2018/dsa-4201
https://www.exploit-db.com/exploits/44697/
https://www.exploit-db.com/exploits/45024/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
http://openwall.com/lists/oss-security/2018/05/08/1
http://openwall.com/lists/oss-security/2018/05/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=1567074
https://github.com/can1357/CVE-2018-8897/
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
https://patchwork.kernel.org/patch/10386677/
https://support.apple.com/HT208742
https://svnweb.freebsd.org/base?view=revision&revision=333368
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://xenbits.xen.org/xsa/advisory-260.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
RedHat Security Advisories: RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
https://access.redhat.com/errata/RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
https://access.redhat.com/errata/RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
https://access.redhat.com/errata/RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
https://access.redhat.com/errata/RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
https://access.redhat.com/errata/RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
https://access.redhat.com/errata/RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
https://access.redhat.com/errata/RHSA-2018:1524
http://www.securitytracker.com/id/1040744
http://www.securitytracker.com/id/1040849
http://www.securitytracker.com/id/1040861
http://www.securitytracker.com/id/1040866
http://www.securitytracker.com/id/1040882
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
Copyright: Copyright (C) 2018 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.