English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2018.3698.2
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3698-2)
Summary:The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3698-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3698-2 advisory.

Vulnerability Insight:
USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Affected Software/OS:
'linux-lts-trusty' package(s) on Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-12154
100856
http://www.securityfocus.com/bid/100856
DSA-3981
http://www.debian.org/security/2017/dsa-3981
RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
RHSA-2019:1946
https://access.redhat.com/errata/RHSA-2019:1946
USN-3698-1
https://usn.ubuntu.com/3698-1/
USN-3698-2
https://usn.ubuntu.com/3698-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://bugzilla.redhat.com/show_bug.cgi?id=1491224
https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://www.spinics.net/lists/kvm/msg155414.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-12193
101678
http://www.securityfocus.com/bid/101678
RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0151
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
https://bugzilla.redhat.com/show_bug.cgi?id=1501215
https://github.com/torvalds/linux/commit/ea6789980fdaa610d7eb63602c746bf6ec70cd2b
Common Vulnerability Exposure (CVE) ID: CVE-2017-15265
BugTraq ID: 101288
http://www.securityfocus.com/bid/101288
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
https://bugzilla.suse.com/show_bug.cgi?id=1062520
https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://source.android.com/security/bulletin/2018-02-01
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
http://www.openwall.com/lists/oss-security/2017/10/11/3
RedHat Security Advisories: RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
RedHat Security Advisories: RHSA-2018:1130
https://access.redhat.com/errata/RHSA-2018:1130
RedHat Security Advisories: RHSA-2018:1170
https://access.redhat.com/errata/RHSA-2018:1170
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:3822
https://access.redhat.com/errata/RHSA-2018:3822
RedHat Security Advisories: RHSA-2018:3823
https://access.redhat.com/errata/RHSA-2018:3823
http://www.securitytracker.com/id/1039561
Common Vulnerability Exposure (CVE) ID: CVE-2018-1130
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://marc.info/?l=linux-netdev&m=152036596825220&w=2
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-3665
BugTraq ID: 104460
http://www.securityfocus.com/bid/104460
https://nvidia.custhelp.com/app/answers/detail/a_id/4787
https://security.netapp.com/advisory/ntap-20181016-0001/
https://security.paloaltonetworks.com/CVE-2018-3665
https://support.citrix.com/article/CTX235745
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
https://www.synology.com/support/security/Synology_SA_18_31
Debian Security Information: DSA-4232 (Google Search)
https://www.debian.org/security/2018/dsa-4232
FreeBSD Security Advisory: FreeBSD-SA-18:07
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc
RedHat Security Advisories: RHSA-2018:1852
https://access.redhat.com/errata/RHSA-2018:1852
RedHat Security Advisories: RHSA-2018:1944
https://access.redhat.com/errata/RHSA-2018:1944
RedHat Security Advisories: RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2164
RedHat Security Advisories: RHSA-2018:2165
https://access.redhat.com/errata/RHSA-2018:2165
RedHat Security Advisories: RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1170
RedHat Security Advisories: RHSA-2019:1190
https://access.redhat.com/errata/RHSA-2019:1190
http://www.securitytracker.com/id/1041124
http://www.securitytracker.com/id/1041125
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5750
Debian Security Information: DSA-4120 (Google Search)
https://www.debian.org/security/2018/dsa-4120
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
http://www.securitytracker.com/id/1040319
https://usn.ubuntu.com/3631-1/
https://usn.ubuntu.com/3631-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5803
Debian Security Information: DSA-4188 (Google Search)
https://www.debian.org/security/2018/dsa-4188
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
https://www.spinics.net/lists/linux-sctp/msg07036.html
https://www.spinics.net/lists/netdev/msg482523.html
RedHat Security Advisories: RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
https://secuniaresearch.flexerasoftware.com/advisories/81331/
Common Vulnerability Exposure (CVE) ID: CVE-2018-6927
BugTraq ID: 103023
http://www.securityfocus.com/bid/103023
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
RedHat Security Advisories: RHSA-2018:0654
https://access.redhat.com/errata/RHSA-2018:0654
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7755
Debian Security Information: DSA-4308 (Google Search)
https://www.debian.org/security/2018/dsa-4308
https://lkml.org/lkml/2018/3/7/1116
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/3695-1/
https://usn.ubuntu.com/3695-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
BugTraq ID: 103348
http://www.securityfocus.com/bid/103348
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.