Test ID:	1.3.6.1.4.1.25623.1.0.843823
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3821-2)
Summary:	The remote host is missing an update for the 'linux-aws, linux-lts-xenial' package(s) announced via the USN-3821-2 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-aws, linux-lts-xenial' package(s) announced via the USN-3821-2 advisory. Vulnerability Insight: USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Affected Software/OS: 'linux-aws, linux-lts-xenial' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10880 104907 http://www.securityfocus.com/bid/104907 106503 http://www.securityfocus.com/bid/106503 RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 USN-3821-1 https://usn.ubuntu.com/3821-1/ USN-3821-2 https://usn.ubuntu.com/3821-2/ USN-3871-1 https://usn.ubuntu.com/3871-1/ USN-3871-3 https://usn.ubuntu.com/3871-3/ USN-3871-4 https://usn.ubuntu.com/3871-4/ USN-3871-5 https://usn.ubuntu.com/3871-5/ [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html http://patchwork.ozlabs.org/patch/930639/ https://bugzilla.kernel.org/show_bug.cgi?id=200005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226 Common Vulnerability Exposure (CVE) ID: CVE-2018-13053 BugTraq ID: 104671 http://www.securityfocus.com/bid/104671 https://bugzilla.kernel.org/show_bug.cgi?id=200303 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html RedHat Security Advisories: RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831 RedHat Security Advisories: RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 RedHat Security Advisories: RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 https://usn.ubuntu.com/4094-1/ https://usn.ubuntu.com/4118-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-13096 Bugtraq: 20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01) (Google Search) https://seclists.org/bugtraq/2019/Jan/52 http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.kernel.org/show_bug.cgi?id=200167 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3 SuSE Security Announcement: openSUSE-SU-2018:3202 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html Common Vulnerability Exposure (CVE) ID: CVE-2018-14609 BugTraq ID: 104917 http://www.securityfocus.com/bid/104917 Debian Security Information: DSA-4308 (Google Search) https://www.debian.org/security/2018/dsa-4308 https://bugzilla.kernel.org/show_bug.cgi?id=199833 https://patchwork.kernel.org/patch/10500521/ https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2018-14617 https://bugzilla.kernel.org/show_bug.cgi?id=200297 https://www.spinics.net/lists/linux-fsdevel/msg130021.html Common Vulnerability Exposure (CVE) ID: CVE-2018-17972 BugTraq ID: 105525 http://www.securityfocus.com/bid/105525 https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2 RedHat Security Advisories: RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0512 RedHat Security Advisories: RHSA-2019:0514 https://access.redhat.com/errata/RHSA-2019:0514 RedHat Security Advisories: RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473 SuSE Security Announcement: openSUSE-SU-2019:1407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://usn.ubuntu.com/3832-1/ https://usn.ubuntu.com/3835-1/ https://usn.ubuntu.com/3880-1/ https://usn.ubuntu.com/3880-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18021 BugTraq ID: 105550 http://www.securityfocus.com/bid/105550 Debian Security Information: DSA-4313 (Google Search) https://www.debian.org/security/2018/dsa-4313 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25a9d19b5976b319af528886f89cf455692d https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12 https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d3279 https://github.com/torvalds/linux/commit/d26c25a9d19b5976b319af528886f89cf455692d https://www.openwall.com/lists/oss-security/2018/10/02/2 RedHat Security Advisories: RHSA-2018:3656 https://access.redhat.com/errata/RHSA-2018:3656 https://usn.ubuntu.com/3931-1/ https://usn.ubuntu.com/3931-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.