Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891930
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux (DLA-1930-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the DLA-1930-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the DLA-1930-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2016-10905

A race condition was discovered in the GFS2 file-system
implementation, which could lead to a use-after-free. On a system
using GFS2, a local attacker could use this for denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2018-20976

It was discovered that the XFS file-system implementation did not
correctly handle some mount failure conditions, which could lead
to a use-after-free. The security impact of this is unclear.

CVE-2018-21008

It was discovered that the rsi wifi driver did not correctly
handle some failure conditions, which could lead to a use-after-
free. The security impact of this is unclear.

CVE-2019-0136

It was discovered that the wifi soft-MAC implementation (mac80211)
did not properly authenticate Tunneled Direct Link Setup (TDLS)
messages. A nearby attacker could use this for denial of service
(loss of wifi connectivity).

CVE-2019-9506

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
discovered a weakness in the Bluetooth pairing protocols, dubbed
the 'KNOB attack'. An attacker that is nearby during pairing
could use this to weaken the encryption used between the paired
devices, and then to eavesdrop on and/or spoof communication
between them.

This update mitigates the attack by requiring a minimum encryption
key length of 56 bits.

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816

Multiple bugs were discovered in the mwifiex wifi driver, which
could lead to heap buffer overflows. A local user permitted to
configure a device handled by this driver could probably use this
for privilege escalation.

CVE-2019-14821

Matt Delco reported a race condition in KVM's coalesced MMIO
facility, which could lead to out-of-bounds access in the kernel.
A local attacker permitted to access /dev/kvm could use this to
cause a denial of service (memory corruption or crash) or possibly
for privilege escalation.

CVE-2019-14835

Peter Pi of Tencent Blade Team discovered a missing bounds check
in vhost_net, the network back-end driver for KVM hosts, leading
to a buffer overflow when the host begins live migration of a VM.
An attacker in control of a VM could use this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation on the host.

CVE-2019-15117

Hui Peng and Mathias Payer reported a missing bounds check in the
usb-audio driver's descriptor parsing code, leading to a buffer
over-read. An attacker able to add USB devices could possibly use
this to cause a deni ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
3.16.74-1.

We recommend that you upgrade your linux packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0136
BugTraq ID: 108777
http://www.securityfocus.com/bid/108777
http://jvn.jp/en/jp/JVN75617741/index.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4145-1/
https://usn.ubuntu.com/4147-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9506
CERT/CC vulnerability note: VU#918987
https://www.kb.cert.org/vuls/id/918987/
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
RedHat Security Advisories: RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3165
RedHat Security Advisories: RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3187
RedHat Security Advisories: RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RedHat Security Advisories: RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3218
RedHat Security Advisories: RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RedHat Security Advisories: RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3231
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:2307 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:2308 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.