Test ID: | 1.3.6.1.4.1.25623.1.0.852851 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1923-1) |
Summary: | The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1923-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the openSUSE-SU-2019:1923-1 advisory.

Vulnerability Insight: The openSUSE Leap 15.1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2019-1125: Fix Spectre V1 variant memory disclosure by speculation over the SWAPGS instruction (bsc#1139358).
- CVE-2019-10207: A NULL pointer dereference was possible in the Bluetooth stack, which could lead to crashes. (bnc#1123959 bnc#1142857).
- CVE-2018-20855: In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bnc#1143045).
- CVE-2019-14284: drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. (bnc#1143189).
- CVE-2019-14283: set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. (bnc#1143191).
- CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bnc#1134399).
- CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254 bnc#1142265).
- CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bnc#1142023).

The following non-security bugs were fixed:

- 9p: acl: fix uninitialized iattr access (bsc#1051510).
- 9p: p9dirent_read: check network-provided name length (bsc#1051510).
- 9p: pass the correct prototype to read_cache_page (bsc#1051510).
- 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510).
- 9p/rdma: remove useless check in cm_event_handler (bsc#1051510).
- 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510).
- 9p/x ...

Description truncated. Please see the references for more information.

Affected Software/OS: 'the' package(s) on openSUSE Leap 15.1.

Solution: Please install the updated package(s).

CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-1125
- http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125
- RedHat Security Advisories: RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:2824
- RedHat Security Advisories: RHBA-2019:3248 https://access.redhat.com/errata/RHBA-2019:3248
- RedHat Security Advisories: RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2600
- RedHat Security Advisories: RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2609
- RedHat Security Advisories: RHSA-2019:2695 https://access.redhat.com/errata/RHSA-2019:2695
- RedHat Security Advisories: RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2696
- RedHat Security Advisories: RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2730
- RedHat Security Advisories: RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2899
- RedHat Security Advisories: RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2900
- RedHat Security Advisories: RHSA-2019:2975 https://access.redhat.com/errata/RHSA-2019:2975
- RedHat Security Advisories: RHSA-2019:3011 https://access.redhat.com/errata/RHSA-2019:3011
- RedHat Security Advisories: RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3220 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |