Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892586
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for linux (DLA-2586-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the DLA-2586-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the DLA-2586-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2019-19318, CVE-2019-19813, CVE-2019-19816

'Team bobfuzzer' reported bugs in Btrfs that could lead to a
use-after-free or heap buffer overflow, and could be triggered by
crafted filesystem images. A user permitted to mount and access
arbitrary filesystems could use these to cause a denial of service
(crash or memory corruption) or possibly for privilege escalation.

CVE-2020-27815

A flaw was reported in the JFS filesystem code allowing a local
attacker with the ability to set extended attributes to cause a
denial of service.

CVE-2020-27825

Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
ring buffer resizing logic due to a race condition, which could
result in denial of service or information leak.

CVE-2020-28374

David Disseldorp discovered that the LIO SCSI target implementation
performed insufficient checking in certain XCOPY requests. An
attacker with access to a LUN and knowledge of Unit Serial Number
assignments can take advantage of this flaw to read and write to any
LIO backstore, regardless of the SCSI transport settings.

CVE-2020-29568 (XSA-349)

Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
trigger OOM in backends by updating a watched path.

CVE-2020-29569 (XSA-350)

Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free
flaw which can be triggered by a block frontend in Linux blkback. A
misbehaving guest can trigger a dom0 crash by continuously
connecting / disconnecting a block frontend.

CVE-2020-29660

Jann Horn reported a locking inconsistency issue in the tty
subsystem which may allow a local attacker to mount a
read-after-free attack against TIOCGSID.

CVE-2020-29661

Jann Horn reported a locking issue in the tty subsystem which can
result in a use-after-free. A local attacker can take advantage of
this flaw for memory corruption or privilege escalation.

CVE-2020-36158

A buffer overflow flaw was discovered in the mwifiex WiFi driver
which could result in denial of service or the execution of
arbitrary code via a long SSID value.

CVE-2021-3178

Wu Yi reported an information leak in the NFSv3 server. When only
a subdirectory of a filesystem volume is exported, an NFS client
listing the exported directory would obtain a file handle to the
parent directory, allowing it to access files that were not meant
to be exported.

Even after this update, it is still possible for NFSv3 clients to
guess valid file handles and access files outside an exported
subdirectory, unless the 'subtree_check' expor ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
4.9.258-1.

We recommend that you upgrade your linux packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3178
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SGB7TNDVQEOJ7NVTGX56UWHDNQM5TRC/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3347
Debian Security Information: DSA-4843 (Google Search)
https://www.debian.org/security/2021/dsa-4843
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXAVDAK4RLAHBHHGEPL73UFXSI6BXQ7Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOBMXDJABYE76RKNBAWA2E4TSSBX7CSJ/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2
https://www.openwall.com/lists/oss-security/2021/01/29/1
https://www.openwall.com/lists/oss-security/2021/01/29/3
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
http://www.openwall.com/lists/oss-security/2021/01/29/4
http://www.openwall.com/lists/oss-security/2021/01/29/5
http://www.openwall.com/lists/oss-security/2021/02/01/4
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.