DATABASE RESOURCES PRICING ABOUT US

{"id": "F5:K05535399", "type": "f5", "bulletinFamily": "software", "title": "Linux kernel vulnerability CVE-2017-17855", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2018-02-02T23:20:00", "modified": "2018-02-02T23:20:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.f5.com/csp/article/K05535399", "reporter": "f5", "references": [], "cvelist": ["CVE-2017-17855"], "immutableFields": [], "lastseen": "2019-06-28T14:42:17", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201801-1", "ASA-201801-3", "ASA-201801-4"]}, {"type": "cve", "idList": ["CVE-2017-17855"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-17855"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4A25C608E179", "FEDORA:5D742610B071", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:C88F6601BD0C", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "mageia", "idList": ["MGASA-2018-0062", "MGASA-2018-0063", "MGASA-2018-0064"]}, {"type": "nessus", "idList": ["FEDORA_2018-22D5FA8A90.NASL", "FEDORA_2018-8ED5EFF2C0.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873968", "OPENVAS:1361412562310873973", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875334"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-17855"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17855"]}]}, "score": {"value": 2.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201801-1", "ASA-201801-4"]}, {"type": "cve", "idList": ["CVE-2017-17855"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-17855"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4A25C608E179", "FEDORA:5D742610B071", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:C88F6601BD0C", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "nessus", "idList": ["FEDORA_2018-8ED5EFF2C0.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873968", "OPENVAS:1361412562310873973"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-17855"]}]}, "exploitation": null, "vulnersScore": 2.3}, "affectedSoftware": [], "_state": {"dependencies": 1659976447, "score": 1659978068}, "_internal": {"score_hash": "48a3a358a2451ba58e870ce174d60507"}}

{"cve": [{"lastseen": "2022-03-23T15:07:27", "description": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-27T17:08:00", "type": "cve", "title": "CVE-2017-17855", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17855"], "modified": "2018-01-09T15:46:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:linux:linux_kernel:4.14.8"], "id": "CVE-2017-17855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17855", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.14.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T13:53:47", "description": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users\nto cause a denial of service (memory corruption) or possibly have\nunspecified other impact by leveraging improper use of pointers in place of\nscalars.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-27T00:00:00", "type": "ubuntucve", "title": "CVE-2017-17855", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17855"], "modified": "2017-12-27T00:00:00", "id": "UB:CVE-2017-17855", "href": "https://ubuntu.com/security/CVE-2017-17855", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-07-07T11:11:22", "description": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-29T01:55:58", "type": "redhatcve", "title": "CVE-2017-17855", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17855"], "modified": "2022-07-07T09:17:37", "id": "RH:CVE-2017-17855", "href": "https://access.redhat.com/security/cve/cve-2017-17855", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-08-16T06:03:02", "description": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-27T17:08:00", "type": "debiancve", "title": "CVE-2017-17855", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17855"], "modified": "2017-12-27T17:08:00", "id": "DEBIANCVE:CVE-2017-17855", "href": "https://security-tracker.debian.org/tracker/CVE-2017-17855", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-8ed5eff2c0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17864", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873973", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873973", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8ed5eff2c0_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-8ed5eff2c0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873973\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 23:59:23 +0100 (Fri, 05 Jan 2018)\");\n script_cve_id(\"CVE-2017-17857\", \"CVE-2017-17856\", \"CVE-2017-17855\", \"CVE-2017-17854\",\n \"CVE-2017-17853\", \"CVE-2017-17852\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-8ed5eff2c0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8ed5eff2c0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEFHTLFUOREQQK4DCRD46ZY3QPR6RSJ5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.14.11~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-22d5fa8a90", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17863", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17864", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_22d5fa8a90_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-22d5fa8a90\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873968\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-05 23:58:52 +0100 (Fri, 05 Jan 2018)\");\n script_cve_id(\"CVE-2017-17857\", \"CVE-2017-17856\", \"CVE-2017-17855\", \"CVE-2017-17854\",\n \"CVE-2017-17853\", \"CVE-2017-17852\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-22d5fa8a90\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-22d5fa8a90\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFRT6EBC2HJ4XLWLZZ7MATZ2EWPTADAH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.14.11~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1e033dc308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1e033dc308_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1e033dc308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874366\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:57:51 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1e033dc308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1e033dc308\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e71875c4aa", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e71875c4aa_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e71875c4aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:59:02 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e71875c4aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e71875c4aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.4~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-93c2e74446", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93c2e74446_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-93c2e74446\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874606\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-26 05:55:13 +0200 (Sat, 26 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-93c2e74446\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93c2e74446\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e8f793bbfc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e8f793bbfc_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e8f793bbfc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-06 10:21:31 +0200 (Wed, 06 Jun 2018)\");\n script_cve_id(\"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e8f793bbfc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e8f793bbfc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.13~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-9d0e4e40b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9d0e4e40b5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-9d0e4e40b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874623\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 06:02:06 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-9d0e4e40b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9d0e4e40b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.12~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-23T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c449dc1c9c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c449dc1c9c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c449dc1c9c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874721\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 06:16:07 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c449dc1c9c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c449dc1c9c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.16~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b57db4753c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b57db4753c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b57db4753c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874695\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-18 06:02:23 +0200 (Mon, 18 Jun 2018)\");\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\",\n \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\",\n \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b57db4753c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b57db4753c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.15~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-29T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b997780dca", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12904", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874751", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b997780dca_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b997780dca\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874751\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-29 10:57:08 +0200 (Fri, 29 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-12904\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b997780dca\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b997780dca\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.2~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2a0f8b2c9d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874761", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2a0f8b2c9d_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874761\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 06:02:18 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2a0f8b2c9d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.3~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-10T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2f6df9abfb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2f6df9abfb_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2f6df9abfb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874919\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-10 06:22:46 +0200 (Fri, 10 Aug 2018)\");\n script_cve_id(\"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2f6df9abfb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2f6df9abfb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-884a105c04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_884a105c04_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-884a105c04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:51 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-884a105c04\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-884a105c04\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.7~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-49bda79bd5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_49bda79bd5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-49bda79bd5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-04 06:04:25 +0200 (Sat, 04 Aug 2018)\");\n script_cve_id(\"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-49bda79bd5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-49bda79bd5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.11~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-19T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1c80fea1cd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1c80fea1cd_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1c80fea1cd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874964\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-19 06:42:42 +0200 (Sun, 19 Aug 2018)\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1c80fea1cd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1c80fea1cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.14~102.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:01:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-4ca01704a2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874365", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4ca01704a2_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-4ca01704a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:54:26 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\", \"CVE-2017-5123\",\n \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\", \"CVE-2017-14497\",\n \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\", \"CVE-2017-14051\",\n \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-7558\",\n \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-7533\",\n \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-4ca01704a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4ca01704a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-79d7c3d2df", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_79d7c3d2df_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-79d7c3d2df\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874998\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 07:09:43 +0200 (Sun, 26 Aug 2018)\");\n script_cve_id(\"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\",\n \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-79d7c3d2df\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-79d7c3d2df\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.17~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-8484550fff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-13406", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8484550fff_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-8484550fff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874813\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:04:39 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-13406\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-8484550fff\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8484550fff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.5~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-11T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-94315e9a6b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-18021", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_94315e9a6b_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-94315e9a6b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-11 08:44:29 +0200 (Thu, 11 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-18021\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-94315e9a6b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-94315e9a6b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-d77cc41f35", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d77cc41f35_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-d77cc41f35\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875099\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:31:40 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\",\n \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\", \"CVE-2018-17182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-d77cc41f35\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d77cc41f35\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.9~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b68776e5b0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2018-18710", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b68776e5b0_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b68776e5b0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875334\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:34:37 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b68776e5b0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b68776e5b0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OZHJB75FAIL6GZIEXPM735EW43TAV37\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2018-b68776e5b0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"kernel on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.19~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c0a1284064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c0a1284064_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c0a1284064\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875128\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:30:25 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c0a1284064\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c0a1284064\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.10~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2ee3411cb8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-17972", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2ee3411cb8_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2ee3411cb8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875201\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:39:38 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-17972\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2ee3411cb8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2ee3411cb8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.13~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-6367a17aa3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2018-1120", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2018-10322", "CVE-2017-16650", "CVE-2017-12134", "CVE-2018-10323", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6367a17aa3_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-6367a17aa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 05:57:30 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-6367a17aa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6367a17aa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-04T18:12:50", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.14.11-200.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2018-01-04T18:12:50", "id": "FEDORA:C88F6601BD0C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SEFHTLFUOREQQK4DCRD46ZY3QPR6RSJ5/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-04T02:22:54", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.14.11-300.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2018-01-04T02:22:54", "id": "FEDORA:4A25C608E179", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CFRT6EBC2HJ4XLWLZZ7MATZ2EWPTADAH/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-18T01:31:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:31:51", "id": "FEDORA:74245604D4DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-29T05:16:13", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.4-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-29T05:16:13", "id": "FEDORA:AB52460321C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-25T15:46:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.11-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-25T15:46:24", "id": "FEDORA:08D3760E6566", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-17T19:45:35", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.15-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-17T19:45:35", "id": "FEDORA:DF5176048167", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T11:50:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.12-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:50:44", "id": "FEDORA:E6F08605DCE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-05T14:11:50", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.13-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-05T14:11:50", "id": "FEDORA:4832F6079717", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-01T01:37:15", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.3-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-01T01:37:15", "id": "FEDORA:909D360491BF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-28T13:35:42", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.2-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12904", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-28T13:35:42", "id": "FEDORA:25BDD6190ECF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-22T14:12:17", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.16-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-22T14:12:17", "id": "FEDORA:10F7D6255145", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-13T16:38:23", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.5-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-13T16:38:23", "id": "FEDORA:29FCE65ECD33", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-03T19:58:28", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.11-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-03T19:58:28", "id": "FEDORA:B54D264CBCAC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-18T01:07:00", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.17-200.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:07:00", "id": "FEDORA:6F1BC604D0C1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-11T17:46:05", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.7-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-11T17:46:05", "id": "FEDORA:648496077DD1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-24T07:16:18", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.17-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-24T07:16:18", "id": "FEDORA:5D742610B071", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-16T07:24:55", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.14-102.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-16T07:24:55", "id": "FEDORA:7640C641CB61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-29T11:10:03", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.11-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:10:03", "id": "FEDORA:44065605602A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-09T16:53:05", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-09T16:53:05", "id": "FEDORA:6EC6360BEA04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-26T20:18:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.9-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-09-26T20:18:44", "id": "FEDORA:87BD56087904", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-27T03:13:40", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.19-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18710", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-11-27T03:13:40", "id": "FEDORA:B395E6087A9D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2OZHJB75FAIL6GZIEXPM735EW43TAV37/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T01:23:43", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.10-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-01T01:23:43", "id": "FEDORA:8F974604E846", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T12:10:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.13-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-17972", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-16T12:10:24", "id": "FEDORA:29049600CFF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T21:55:37", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18021", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-10T21:55:37", "id": "FEDORA:D6F86601E6D9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-07-18T19:12:46", "description": "The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-8ed5eff2c0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-8ED5EFF2C0.NASL", "href": "https://www.tenable.com/plugins/nessus/105596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8ed5eff2c0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105596);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n script_xref(name:\"FEDORA\", value:\"2018-8ed5eff2c0\");\n\n script_name(english:\"Fedora 26 : kernel (2018-8ed5eff2c0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.14.11 stable kernel update contains a number of important fixes\nacross the tree. This also includes the KPTI patches to mitigate the\nMeltdown vulnerability for x86 architectures\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ed5eff2c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-8ed5eff2c0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.14.11-200.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T19:12:06", "description": "The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2018-22d5fa8a90)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-22D5FA8A90.NASL", "href": "https://www.tenable.com/plugins/nessus/106024", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-22d5fa8a90.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n script_xref(name:\"FEDORA\", value:\"2018-22d5fa8a90\");\n\n script_name(english:\"Fedora 27 : kernel (2018-22d5fa8a90)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.14.11 stable kernel update contains a number of important fixes\nacross the tree. This also includes the KPTI patches to mitigate the\nMeltdown vulnerability for x86 architectures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-22d5fa8a90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-22d5fa8a90\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.14.11-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-1\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558\nCVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852\nCVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856\nCVE-2017-17857 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864\nCVE-2017-5754 CVE-2017-8824\nPackage : linux\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-552\n\nSummary\n=======\n\nThe package linux before version 4.14.11-1 is vulnerable to multiple\nissues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11-1.\n\n# pacman -Syu \"linux>=4.14.11-1\"\n\nThe problems have been fixed upstream in version 4.14.11.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-1] linux: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-1", "href": "https://security.archlinux.org/ASA-201801-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-3\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17449 CVE-2017-17558\nCVE-2017-17712 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852\nCVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856\nCVE-2017-17857 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864\nCVE-2017-5754 CVE-2017-8824\nPackage : linux-zen\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-571\n\nSummary\n=======\n\nThe package linux-zen before version 4.14.11-1 is vulnerable to\nmultiple issues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11-1.\n\n# pacman -Syu \"linux-zen>=4.14.11-1\"\n\nThe problems have been fixed upstream in version 4.14.11.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-3] linux-zen: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-3", "href": "https://security.archlinux.org/ASA-201801-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-4\n=========================================\n\nSeverity: High\nDate : 2018-01-05\nCVE-ID : CVE-2017-16995 CVE-2017-16996 CVE-2017-17448 CVE-2017-17449\nCVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741\nCVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853\nCVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857\nCVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-5754\nCVE-2017-8824\nPackage : linux-hardened\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-574\n\nSummary\n=======\n\nThe package linux-hardened before version 4.14.11.a-1 is vulnerable to\nmultiple issues including access restriction bypass, denial of service,\nprivilege escalation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.14.11.a-1.\n\n# pacman -Syu \"linux-hardened>=4.14.11.a-1\"\n\nThe problems have been fixed upstream in version 4.14.11.a.\n\nWorkaround\n==========\n\nBPF related issues can be circumvented by disabling unprivileged BPF:\n\n sysctl -w kernel.unprivileged_bpf_disabled=1\n\nOn systems that do not already have the dccp module loaded,\nCVE-2017-8824 can be mitigated by disabling it:\n\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false\n\nDescription\n===========\n\n- CVE-2017-16995 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-16996 (privilege escalation)\n\nAn arbitrary memory r/w access issue was found in the Linux kernel\nbefore 4.14.9 compiled with the eBPF bpf(2) system call\n(CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation\nerrors in the eBPF verifier module, triggered by user supplied\nmalicious BPF program. An unprivileged user could use this flaw to\nescalate their privileges on a system. Setting parameter\n\"kernel.unprivileged_bpf_disabled=1\" prevents such privilege escalation\nby restricting access to bpf(2) call.\n\n- CVE-2017-17448 (access restriction bypass)\n\nIt has been discovered that net/netfilter/nfnetlink_cthelper.c in the\nLinux kernel through 4.14.4 does not require the CAP_NET_ADMIN\ncapability for new, get, and del operations, which allows local users\nto bypass intended access restrictions because the nfnl_cthelper_list\ndata structure is shared across all net namespaces.\n\n- CVE-2017-17449 (information disclosure)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in\nthe Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52\nwhen CONFIG_NLMON is enabled, does not restrict observations of Netlink\nmessages to a single net namespace, which allows local users to obtain\nsensitive information by leveraging the CAP_NET_ADMIN capability to\nsniff an nlmon interface for all Netlink activity on the system.\n\n- CVE-2017-17450 (access restriction bypass)\n\nIt has been discovered that net/netfilter/xt_osf.c in the Linux kernel\nthrough 4.14.4 does not require the CAP_NET_ADMIN capability for\nadd_callback and remove_callback operations, which allows local users\nto bypass intended access restrictions because the xt_osf_fingers data\nstructure is shared across all net namespaces.\n\n- CVE-2017-17558 (denial of service)\n\nThe usb_destroy_configuration function in drivers/usb/core/config.c in\nthe USB core subsystem in the Linux kernel before 4.14.8, 4.9.71,\n4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum\nnumber of configurations and interfaces before attempting to release\nresources, which allows local users to cause a denial of service (out-\nof-bounds write access) or possibly have unspecified other impact via a\ncrafted USB device.\n\n- CVE-2017-17712 (privilege escalation)\n\nA flaw was found in the Linux kernel's implementation of raw_sendmsg\nbefore 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic\nthe kernel or possibly leak kernel addresses. A local attacker, with\nthe privilege of creating raw sockets, can abuse a possible race\ncondition when setting the socket option to allow the kernel to\nautomatically create ip header values and thus potentially escalate\ntheir privileges.\n\n- CVE-2017-17741 (information disclosure)\n\nThe KVM implementation in the Linux kernel through 4.14.7 allows\nattackers to obtain potentially sensitive information from kernel\nmemory, aka a write_mmio stack-based out-of-bounds read, related to\narch/x86/kvm/x86.c and include/trace/events/kvm.h.\n\n- CVE-2017-17805 (denial of service)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8,\n4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle\nzero-length inputs, allowing a local attacker able to use the AF_ALG-\nbased skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a\ndenial of service (uninitialized-memory free and kernel crash) or have\nunspecified other impact by executing a crafted sequence of system\ncalls that use the blkcipher_walk API. Both the generic implementation\n(crypto/salsa20_generic.c) and x86 implementation\n(arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.\n\n- CVE-2017-17806 (denial of service)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before\n4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate\nthat the underlying cryptographic hash algorithm is unkeyed, allowing a\nlocal attacker able to use the AF_ALG-based hash interface\n(CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\nexecuting a crafted sequence of system calls that encounter a missing\nSHA-3 initialization.\n\n- CVE-2017-17852 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nmishandling of 32-bit ALU ops.\n\n- CVE-2017-17853 (denial of service)\n\nIt has been discovered kernel/bpf/verifier.c in the Linux kernel before\n4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nincorrect BPF_RSH signed bounds calculations.\n\n- CVE-2017-17854 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (integer\noverflow and memory corruption) or possibly have unspecified other\nimpact by leveraging unrestricted integer values for pointer\narithmetic.\n\n- CVE-2017-17855 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging\nimproper use of pointers in place of scalars.\n\n- CVE-2017-17856 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 allows local users to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact by leveraging the\nlack of stack-pointer alignment enforcement.\n\n- CVE-2017-17857 (denial of service)\n\nThe check_stack_boundary function in kernel/bpf/verifier.c in the Linux\nkernel before 4.14.9 allows local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging mishandling of invalid variable stack read operations.\n\n- CVE-2017-17862 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 ignore unreachable code, even though it would\nstill be processed by JIT compilers. This behavior, also considered an\nimproper branch-pruning logic issue, could possibly be used by local\nusers for denial of service.\n\n- CVE-2017-17863 (denial of service)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.72 does not check the relationship between\npointer values and the BPF stack, which allows local users to cause a\ndenial of service (integer overflow or invalid memory access) or\npossibly have unspecified other impact.\n\n- CVE-2017-17864 (information disclosure)\n\nIt has been discovered that kernel/bpf/verifier.c in the Linux kernel\nbefore 4.14.9 and 4.9.73 mishandles states_equal comparisons between\nthe pointer data type and the UNKNOWN_VALUE data type, which allows\nlocal users to obtain potentially sensitive address information, aka a\n\"pointer leak.\"\n\n- CVE-2017-5754 (access restriction bypass)\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization).\nThis variant (\"Rogue Data Load\") relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction permission\nfaults, exception generation triggered by a faulting access is\nsuppressed until the retirement of the whole instruction block. In a\ncombination with the fact that memory accesses may populate the cache\neven when the block is being dropped and never committed (executed), an\nunprivileged local attacker could use this flaw to read memory from\narbitrary addresses, including privileged (kernel space) and all other\nprocesses running on the system by conducting targeted cache side-\nchannel attacks.\n\n- CVE-2017-8824 (privilege escalation)\n\nA use-after-free vulnerability was found in DCCP socket code affecting\nthe Linux kernel since 2.6.16. The dccp_disconnect function in\nnet/dccp/proto.c allows local users to gain privileges or cause a\ndenial of service via an AF_UNSPEC connect system call during the\nDCCP_LISTEN state.\n\nImpact\n======\n\nA local unprivileged attacker is able to escalate privileges, crash the\nsystem, read memory from arbitrary addresses including from the kernel\nand all other processes running on the system or obtain sensitive\ninformation by sniffing an nlmon interface for all Netlink activity on\nthe system.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56832\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1454\nhttp://www.openwall.com/lists/oss-security/2017/12/21/2\nhttps://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f\nhttps://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958\nhttps://git.kernel.org/linus/4b380c42f7d00a395feede754f0bc2292eebe6e5\nhttps://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291\nhttps://git.kernel.org/linus/916a27901de01446bcf57ecca4783f6cff493309\nhttps://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md\nhttps://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7\nhttp://openwall.com/lists/oss-security/2017/12/12/7\nhttps://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483\nhttps://git.kernel.org/linus/e39d200fa5bf5b94a0948db0dae44c1b73b84a56\nhttps://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e\nhttps://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1\nhttps://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a\nhttps://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941\nhttps://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03\nhttps://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14\nhttps://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f\nhttps://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469\nhttps://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d\nhttps://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://xenbits.xen.org/xsa/advisory-254.html\nhttp://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html\nhttps://git.kernel.org/linus/5aa90a84589282b87666f92b6c3c917c8080a9bf\nhttps://git.kernel.org/linus/00a5ae218d57741088068799b810416ac249a9ce\nhttps://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76\nhttps://security.archlinux.org/CVE-2017-16995\nhttps://security.archlinux.org/CVE-2017-16996\nhttps://security.archlinux.org/CVE-2017-17448\nhttps://security.archlinux.org/CVE-2017-17449\nhttps://security.archlinux.org/CVE-2017-17450\nhttps://security.archlinux.org/CVE-2017-17558\nhttps://security.archlinux.org/CVE-2017-17712\nhttps://security.archlinux.org/CVE-2017-17741\nhttps://security.archlinux.org/CVE-2017-17805\nhttps://security.archlinux.org/CVE-2017-17806\nhttps://security.archlinux.org/CVE-2017-17852\nhttps://security.archlinux.org/CVE-2017-17853\nhttps://security.archlinux.org/CVE-2017-17854\nhttps://security.archlinux.org/CVE-2017-17855\nhttps://security.archlinux.org/CVE-2017-17856\nhttps://security.archlinux.org/CVE-2017-17857\nhttps://security.archlinux.org/CVE-2017-17862\nhttps://security.archlinux.org/CVE-2017-17863\nhttps://security.archlinux.org/CVE-2017-17864\nhttps://security.archlinux.org/CVE-2017-5754\nhttps://security.archlinux.org/CVE-2017-8824", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-05T00:00:00", "type": "archlinux", "title": "[ASA-201801-4] linux-hardened: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-5754", "CVE-2017-8824"], "modified": "2018-01-05T00:00:00", "id": "ASA-201801-4", "href": "https://security.archlinux.org/ASA-201801-4", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "This kernel-linus update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver (CVE-2017-0786). Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors (CVE-2017-0861). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction. A user/process inside guest could use this flaw to potentially escalate their privileges inside guest. Linux guests are not affected.(CVE-2017-7518). arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun\" (CVE-2017-12188). The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (CVE-2017-12190). The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (CVE-2017-12193). Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (CVE-2017-13080). The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (CVE-2017-15115). Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (CVE-2017-15265) The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (CVE-2017-15299). The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (CVE-2017-16939). The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (CVE-2017-16994). The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension (CVE-2017-16995). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling (CVE-2017-16996). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops (CVE-2017-17852). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations (CVE-2017-17853). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic (CVE-2017-17854). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars (CVE-2017-17855). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement (CVE-2017-17856). The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations (CVE-2017-17857). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (CVE-2017-17862). kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact (CVE-2017-17863). kernel/bpf/verifier.c in the Linux kernel before 4.14 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a \"pointer leak\" (CVE-2017-17864). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)(CVE-2017-18344). The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (CVE-2017-1000407). For other changes in this update, read the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-06T00:53:31", "type": "mageia", "title": "kernel-linus update provides 4.14 series and fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0786", "CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13080", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-16939", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18344", "CVE-2017-7518"], "modified": "2018-01-06T00:53:31", "id": "MGASA-2018-0064", "href": "https://advisories.mageia.org/MGASA-2018-0064.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver (CVE-2017-0786). Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors (CVE-2017-0861). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction. A user/process inside guest could use this flaw to potentially escalate their privileges inside guest. Linux guests are not affected.(CVE-2017-7518). arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun\" (CVE-2017-12188). The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (CVE-2017-12190). The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (CVE-2017-12193). Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (CVE-2017-13080). The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (CVE-2017-15115). Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (CVE-2017-15265) The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (CVE-2017-15299). The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (CVE-2017-16939). The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (CVE-2017-16994). The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension (CVE-2017-16995). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling (CVE-2017-16996). The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (CVE-2017-17741). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops (CVE-2017-17852). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations (CVE-2017-17853). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic (CVE-2017-17854). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars (CVE-2017-17855). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement (CVE-2017-17856). The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations (CVE-2017-17857). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (CVE-2017-17862). kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact (CVE-2017-17863). kernel/bpf/verifier.c in the Linux kernel before 4.14 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a \"pointer leak\" (CVE-2017-17864). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)(CVE-2017-18344). The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (CVE-2017-1000407). This update also adds support for WireGuard VPN. For other changes in this update, read the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-06T00:53:31", "type": "mageia", "title": "kernel-tmb update provides 4.14 series and fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0786", "CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13080", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-16939", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18344", "CVE-2017-7518"], "modified": "2018-01-06T00:53:31", "id": "MGASA-2018-0063", "href": "https://advisories.mageia.org/MGASA-2018-0063.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver (CVE-2017-0786). Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors (CVE-2017-0861). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction. A user/process inside guest could use this flaw to potentially escalate their privileges inside guest. Linux guests are not affected.(CVE-2017-7518). arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun\" (CVE-2017-12188). The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (CVE-2017-12190). The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (CVE-2017-12193). Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (CVE-2017-13080). The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (CVE-2017-15115). Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (CVE-2017-15265) The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (CVE-2017-15299). The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (CVE-2017-16939). The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (CVE-2017-16994). The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension (CVE-2017-16995). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling (CVE-2017-16996). The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (CVE-2017-17741). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops (CVE-2017-17852). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations (CVE-2017-17853). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic (CVE-2017-17854). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars (CVE-2017-17855). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement (CVE-2017-17856). The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations (CVE-2017-17857). kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (CVE-2017-17862). kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact (CVE-2017-17863). kernel/bpf/verifier.c in the Linux kernel before 4.14 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a \"pointer leak\" (CVE-2017-17864). The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)(CVE-2017-18344). The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (CVE-2017-1000407). This update also adds support for WireGuard VPN. For other changes in this update, read the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-06T00:53:31", "type": "mageia", "title": "kernel update provides 4.14 series and fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0786", "CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13080", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-16939", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18344", "CVE-2017-7518"], "modified": "2018-01-06T00:53:31", "id": "MGASA-2018-0062", "href": "https://advisories.mageia.org/MGASA-2018-0062.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}