Test Kennung:	1.3.6.1.4.1.25623.1.0.120659
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2016-669)
Zusammenfassung:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2016-669 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2016-669 advisory. Vulnerability Insight: When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. (CVE-2016-3157) In some cases, the kernel did not correctly fix backward jumps in a new eBPF program, which could allow arbitrary reads. (CVE-2016-2383) The kernel incorrectly accounted for the number of in-flight fds over a unix domain socket to the original opener of the file descriptor. Another process could arbitrarily deplete the original file opener's maximum open files resource limit. (CVE-2016-2550) A resource-exhaustion vulnerability was found in the kernel, where an unprivileged process could allocate and accumulate far more file descriptors than the process' limit. A local, unauthenticated user could exploit this flaw by sending file descriptors over a Unix socket and then closing them to keep the process' fd count low, thereby creating kernel-memory or file-descriptors exhaustion (denial of service). (CVE-2016-2847) Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2383 http://www.openwall.com/lists/oss-security/2016/02/14/1 SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 Common Vulnerability Exposure (CVE) ID: CVE-2016-2550 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://www.openwall.com/lists/oss-security/2016/02/23/2 http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2948-1 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2949-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2847 83870 http://www.securityfocus.com/bid/83870 DSA-3503 RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html RHSA-2017:0217 http://rhn.redhat.com/errata/RHSA-2017-0217.html SUSE-SU-2016:1672 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SUSE-SU-2016:1690 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SUSE-SU-2016:1696 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SUSE-SU-2016:1707 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html SUSE-SU-2016:1937 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html SUSE-SU-2016:2074 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html USN-2946-1 USN-2946-2 USN-2947-1 USN-2947-2 USN-2947-3 USN-2948-1 USN-2948-2 USN-2949-1 USN-2967-1 http://www.ubuntu.com/usn/USN-2967-1 USN-2967-2 http://www.ubuntu.com/usn/USN-2967-2 [oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes http://www.openwall.com/lists/oss-security/2016/03/01/3 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html https://bugzilla.redhat.com/show_bug.cgi?id=1313428 https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52 openSUSE-SU-2016:1382 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3157 BugTraq ID: 84594 http://www.securityfocus.com/bid/84594 Debian Security Information: DSA-3607 (Google Search) http://www.debian.org/security/2016/dsa-3607 http://www.securitytracker.com/id/1035308 http://www.ubuntu.com/usn/USN-2968-1 http://www.ubuntu.com/usn/USN-2968-2 http://www.ubuntu.com/usn/USN-2969-1 http://www.ubuntu.com/usn/USN-2970-1 http://www.ubuntu.com/usn/USN-2971-1 http://www.ubuntu.com/usn/USN-2971-2 http://www.ubuntu.com/usn/USN-2971-3 http://www.ubuntu.com/usn/USN-2996-1 http://www.ubuntu.com/usn/USN-2997-1
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.