SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2019:1829-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.4.2019.1829.1

Kategorie: SuSE Local Security Checks

Titel: SUSE: Security Advisory (SUSE-SU-2019:1829-1)

Zusammenfassung: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:1829-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:1829-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2019-10638: Attackers used to be able to track the Linux kernel by
the IP ID values the kernel produces for connection-less protocols. When
such traffic was sent to multiple destination IP addresses, it was
possible to
obtain hash collisions (of indices to the counter array) and thereby
obtain the hashing key (via enumeration). An attack could have been
conducted by hosting a crafted web page that uses WebRTC or gQUIC to
force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]
CVE-2019-10639: The Linux kernel used to allow Information Exposure
(partial kernel address disclosure), leading to a KASLR bypass.
Specifically, it was possible to extract the KASLR kernel image offset
using the IP ID values the kernel produces for connection-less
protocols. When such traffic was sent to multiple destination IP
addresses, it was possible to obtain hash collisions (of indices to the
counter array) and thereby obtain the hashing key (via enumeration).
This key contains enough bits from a kernel address (of a static
variable) so when the key was extracted (via enumeration), the offset
of the kernel image was exposed. This attack could be carried out
remotely by the attacker forcing the target device to send UDP or ICMP
traffic to attacker-controlled IP addresses. Forcing a server to send
UDP traffic is trivial if the server is a DNS server. ICMP traffic is
trivial if the server answers ICMP Echo requests (ping). For client
targets, if the target visits the attacker's web page, then WebRTC or
gQUIC can be used to force UDP traffic to attacker-controlled IP
addresses. [bnc#1140577]
CVE-2018-20836: A race condition used to exist in smp_task_timedout()
and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a
use-after-free. [bnc#1134395]
CVE-2019-10126: A heap based buffer overflow in the wireless driver code
was fixed. This issue might have lead to memory corruption and possibly
other consequences. [bnc#1136935]
CVE-2019-11599: The coredump implementation did not use locking or other
mechanisms to prevent vma layout or vma flags changes while it ran,
which allowed local users to obtain sensitive information, cause a
denial of service, or possibly have unspecified other impact by
triggering a race condition with mmget_not_zero or get_task_mm calls.
[bnc#1131645].
CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC
platforms, which allowed an attacker to cause a denial of service (NULL
pointer dereference and system crash). [bnc#1137194]
CVE-2018-16871: A flaw was found in the NFS implementation. An attacker
who was able to mount an exported NFS filesystem was able to trigger a
null pointer dereference by an invalid NFS sequence. This could panic
the machine ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Public Cloud 15.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-16871
Common Vulnerability Exposure (CVE) ID: CVE-2018-20836
Common Vulnerability Exposure (CVE) ID: CVE-2019-10126
Common Vulnerability Exposure (CVE) ID: CVE-2019-10638
Common Vulnerability Exposure (CVE) ID: CVE-2019-10639
Common Vulnerability Exposure (CVE) ID: CVE-2019-11599
Common Vulnerability Exposure (CVE) ID: CVE-2019-12380
Common Vulnerability Exposure (CVE) ID: CVE-2019-12456
Common Vulnerability Exposure (CVE) ID: CVE-2019-12614
Common Vulnerability Exposure (CVE) ID: CVE-2019-12818
Common Vulnerability Exposure (CVE) ID: CVE-2019-12819

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.4.2019.1829.1
Kategorie:	SuSE Local Security Checks
Titel:	SUSE: Security Advisory (SUSE-SU-2019:1829-1)
Zusammenfassung:	The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:1829-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:1829-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Public Cloud 15. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16871 Common Vulnerability Exposure (CVE) ID: CVE-2018-20836 Common Vulnerability Exposure (CVE) ID: CVE-2019-10126 Common Vulnerability Exposure (CVE) ID: CVE-2019-10638 Common Vulnerability Exposure (CVE) ID: CVE-2019-10639 Common Vulnerability Exposure (CVE) ID: CVE-2019-11599 Common Vulnerability Exposure (CVE) ID: CVE-2019-12380 Common Vulnerability Exposure (CVE) ID: CVE-2019-12456 Common Vulnerability Exposure (CVE) ID: CVE-2019-12614 Common Vulnerability Exposure (CVE) ID: CVE-2019-12818 Common Vulnerability Exposure (CVE) ID: CVE-2019-12819
Copyright	Copyright (C) 2021 Greenbone Networks GmbH