English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2017.3406.2
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3406-2)
Summary:The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3406-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3406-2 advisory.

Vulnerability Insight:
USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

It was discovered that an out of bounds read vulnerability existed in the
associative array implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash) or expose
sensitive information. (CVE-2016-7914)

It was discovered that a NULL pointer dereference existed in the Direct
Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2017-7261)

It was discovered that the USB Cypress HID drivers for the Linux kernel did
not properly validate reported information from the device. An attacker
with physical access could use this to expose sensitive information (kernel
memory). (CVE-2017-7273)

A reference count bug was discovered in the Linux kernel ipx protocol
stack. A local attacker could exploit this flaw to cause a denial of
service or possibly other unspecified problems. (CVE-2017-7487)

Huang Weller discovered that the ext4 filesystem implementation in the
Linux kernel mishandled a needs-flushing-before-commit list. A local
attacker could use this to expose sensitive information. (CVE-2017-7495)

It was discovered that an information leak existed in the set_mempolicy and
mbind compat syscalls in the Linux kernel. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2017-7616)

Affected Software/OS:
'linux-lts-trusty' package(s) on Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7914
BugTraq ID: 94138
http://www.securityfocus.com/bid/94138
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7261
BugTraq ID: 97096
http://www.securityfocus.com/bid/97096
http://marc.info/?t=149037004200005&r=1&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1435719
https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7273
BugTraq ID: 97190
http://www.securityfocus.com/bid/97190
Common Vulnerability Exposure (CVE) ID: CVE-2017-7487
1039237
http://www.securitytracker.com/id/1039237
98439
http://www.securityfocus.com/bid/98439
DSA-3886
http://www.debian.org/security/2017/dsa-3886
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80
https://bugzilla.redhat.com/show_bug.cgi?id=1447734
https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80
https://patchwork.ozlabs.org/patch/757549/
https://source.android.com/security/bulletin/2017-09-01
Common Vulnerability Exposure (CVE) ID: CVE-2017-7495
98491
http://www.securityfocus.com/bid/98491
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2
http://www.openwall.com/lists/oss-security/2017/05/15/2
https://bugzilla.redhat.com/show_bug.cgi?id=1450261
https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824
Common Vulnerability Exposure (CVE) ID: CVE-2017-7616
BugTraq ID: 97527
http://www.securityfocus.com/bid/97527
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
http://www.securitytracker.com/id/1038503
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.