Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891919
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux-4.9 (DLA-1919-1)
Summary:The remote host is missing an update for the 'linux-4.9'; package(s) announced via the DLA-1919-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-4.9'
package(s) announced via the DLA-1919-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2019-0136

It was discovered that the wifi soft-MAC implementation (mac80211)
did not properly authenticate Tunneled Direct Link Setup (TDLS)
messages. A nearby attacker could use this for denial of service
(loss of wifi connectivity).

CVE-2019-9506

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
discovered a weakness in the Bluetooth pairing protocols, dubbed
the 'KNOB attack'. An attacker that is nearby during pairing
could use this to weaken the encryption used between the paired
devices, and then to eavesdrop on and/or spoof communication
between them.

This update mitigates the attack by requiring a minimum encryption
key length of 56 bits.

CVE-2019-11487

Jann Horn discovered that the FUSE (Filesystem-in-Userspace)
facility could be used to cause integer overflow in page reference
counts, leading to a use-after-free. On a system with sufficient
physical memory, a local user permitted to create arbitrary FUSE
mounts could use this for privilege escalation.

By default, unprivileged users can only mount FUSE filesystems
through fusermount, which limits the number of mounts created and
should completely mitigate the issue.

CVE-2019-15211

The syzkaller tool found a bug in the radio-raremono driver that
could lead to a use-after-free. An attacker able to add and
remove USB devices could use this to cause a denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2019-15212

The syzkaller tool found that the rio500 driver does not work
correctly if more than one device is bound to it. An attacker
able to add USB devices could use this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation.

CVE-2019-15215

The syzkaller tool found a bug in the cpia2_usb driver that leads
to a use-after-free. An attacker able to add and remove USB
devices could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2019-15216

The syzkaller tool found a bug in the yurex driver that leads to
a use-after-free. An attacker able to add and remove USB
devices could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2019-15218

The syzkaller tool found that the smsusb driver did not validate
that USB devices have the expected endpoints, potentially leading
to a null pointer dereference. An attacker able to add USB
devices could use this to cause a denial of service (BUG/oops).

CVE-2019 ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux-4.9' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
4.9.189-3~
deb8u1.

We recommend that you upgrade your linux-4.9 packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0136
BugTraq ID: 108777
http://www.securityfocus.com/bid/108777
http://jvn.jp/en/jp/JVN75617741/index.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4145-1/
https://usn.ubuntu.com/4147-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9506
CERT/CC vulnerability note: VU#918987
https://www.kb.cert.org/vuls/id/918987/
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
RedHat Security Advisories: RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3165
RedHat Security Advisories: RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3187
RedHat Security Advisories: RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RedHat Security Advisories: RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3218
RedHat Security Advisories: RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RedHat Security Advisories: RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3231
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:2307 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:2308 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.