Test ID: | 1.3.6.1.4.1.25623.1.0.892114 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for linux-4.9 (DLA-2114-1) |
Summary: | The remote host is missing an update for the 'linux-4.9' package(s) announced via the DLA-2114-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'linux-4.9' package(s) announced via the DLA-2114-1 advisory.

Vulnerability Insight: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2018-13093, CVE-2018-13094
Wen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and operating a crafted XFS volume. An attacker able to mount arbitrary XFS volumes could use this to cause a denial of service (crash).

CVE-2018-20976
It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear.

CVE-2018-21008
It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after-free. The security impact of this is unclear.

CVE-2019-0136
It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity).

CVE-2019-2215
The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels.

CVE-2019-10220
Various developers and researchers found that if a crafted file-system or malicious file server presented a directory with filenames including a '/' character, this could confuse and possibly defeat security checks in applications that read the directory. The kernel will now return an error when reading such a directory, rather than passing the invalid filenames on to user-space.

CVE-2019-14615
It was discovered that Intel 9th and 10th generation GPUs did not clear user-visible state during a context switch, which resulted in information leaks between GPU tasks. This has been mitigated in the i915 driver. The affected chips (gen9 and gen10) are listed at <

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816
Multiple bugs were discovered in the mwifiex wifi driver, which could lead to heap buffer overflows. A local user permitted to configure a device handled by this driver could probably use this for privilege escalation.

CVE-2019-14895, CVE-2019-14901
ADLab of Venustech discovered potential heap buffer overflows in the mwifiex wifi driver. On systems using this driver, a malicious Wireless Access Point or adhoc/P2P peer could use these to cause a denial of service (memory corruption or crash) or possibly for remote code ...

Description truncated. Please see the references for more information.

Affected Software/OS: 'linux-4.9' package(s) on Debian Linux.

Solution: For Debian 8 'Jessie', these problems have been fixed in version 4.9.210-1~deb8u1. This update additionally fixes Debian bugs #869511 and 945023, and includes many more bug fixes from stable updates 4.9.190-4.9.210 inclusive. We recommend that you upgrade your linux-4.9 packages.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-0136
BugTraq ID: 108777
http://www.securityfocus.com/bid/108777
http://jvn.jp/en/jp/JVN75617741/index.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4145-1/
https://usn.ubuntu.com/4147-1/

Common Vulnerability Exposure (CVE) ID: CVE-2019-2215
Bugtraq: 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) (Google Search)
https://seclists.org/bugtraq/2019/Nov/11
http://seclists.org/fulldisclosure/2019/Oct/38
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
https://usn.ubuntu.com/4186-1/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |