DATABASE RESOURCES PRICING ABOUT US

{"id": "FEDORA:49E0B60427EC", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 28 Update: kernel-tools-5.0.6-100.fc28", "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "published": "2019-04-09T01:14:29", "modified": "2019-04-09T01:14:29", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NXLZ2V2ES37A3J7DMK4MZYIWV2LEZFLM/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2019-3882", "CVE-2019-9857"], "immutableFields": [], "lastseen": "2021-07-28T14:46:50", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1214", "ALAS2-2019-1214"]}, {"type": "centos", "idList": ["CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:87EED6F38C9114A077795F94CEE1CCD3"]}, {"type": "cve", "idList": ["CVE-2019-3882", "CVE-2019-9857"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DSA-4497-1:7E46B", "DEBIAN:DSA-4497-1:F2AF4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-3882", "DEBIANCVE:CVE-2019-9857"]}, {"type": "fedora", "idList": ["FEDORA:01C936061569", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:1CAC0608E6F2", "FEDORA:229FE60419B9", "FEDORA:2836F613193B", "FEDORA:2E40E608A4A7", "FEDORA:3266960F0E44", "FEDORA:3C394606D98F", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:506B2608A4A8", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:5A4D662AE22C", "FEDORA:690DE6022BA8", "FEDORA:6B6B360567FC", "FEDORA:6DBD2608A4A4", "FEDORA:6E67663233DB", "FEDORA:79EAC605FC25", "FEDORA:85FBF6076011", "FEDORA:89C9C6051B3A", "FEDORA:98E8F6079A11", "FEDORA:B87B460876BA", "FEDORA:BBFE360460D0", "FEDORA:C4D496071279", "FEDORA:C6AF860C4240", "FEDORA:D33DD608BFFE", "FEDORA:E37FD60924F1"]}, {"type": "ibm", "idList": ["4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "50C920019EA35B3C7B3BDE4B077C4837CC00CEC4BA86B844DA559CD59AF45627"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1214.NASL", "ALA_ALAS-2019-1214.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS_RHSA-2019-2029.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DSA-4497.NASL", "EULEROS_SA-2019-1535.NASL", "EULEROS_SA-2019-1636.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1269.NASL", "FEDORA_2019-65C6D11EBA.NASL", "FEDORA_2019-961CDA41F0.NASL", "FEDORA_2019-BE9ADD5B77.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "OPENSUSE-2019-1404.NASL", "OPENSUSE-2019-1407.NASL", "OPENSUSE-2019-1479.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-1242-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-2430-1.NASL", "UBUNTU_USN-3979-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-3982-1.NASL", "UBUNTU_USN-3982-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704497", "OPENVAS:1361412562310844004", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844008", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310852870", "OPENVAS:1361412562310875558", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875560", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310876038", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876089", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891885", "OPENVAS:1361412562311220191535", "OPENVAS:1361412562311220191636", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201269"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2029", "ELSA-2019-3517"]}, {"type": "photon", "idList": ["PHSA-2019-0015", "PHSA-2019-0160", "PHSA-2019-0236", "PHSA-2019-1.0-0236", "PHSA-2019-3.0-0015"]}, {"type": "redhat", "idList": ["RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:3309", "RHSA-2019:3517"]}, {"type": "slackware", "idList": ["SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1"]}, {"type": "ubuntu", "idList": ["USN-3979-1", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-3982-1", "USN-3982-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-3882", "UB:CVE-2019-9857"]}], "rev": 4}, "score": {"value": 6.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1214"]}, {"type": "centos", "idList": ["CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:87EED6F38C9114A077795F94CEE1CCD3"]}, {"type": "cve", "idList": ["CVE-2019-3882", "CVE-2019-9857"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DSA-4497-1:7E46B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-3882", "DEBIANCVE:CVE-2019-9857"]}, {"type": "fedora", "idList": ["FEDORA:01C936061569", "FEDORA:229FE60419B9", "FEDORA:2E40E608A4A7", "FEDORA:3266960F0E44", "FEDORA:4CF35608BFEA", "FEDORA:506B2608A4A8", "FEDORA:6B6B360567FC", "FEDORA:6DBD2608A4A4", "FEDORA:BBFE360460D0", "FEDORA:D33DD608BFFE"]}, {"type": "ibm", "idList": ["50C920019EA35B3C7B3BDE4B077C4837CC00CEC4BA86B844DA559CD59AF45627"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1214.NASL", "ALA_ALAS-2019-1214.NASL", "CENTOS_RHSA-2019-2029.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DSA-4497.NASL", "EULEROS_SA-2019-1636.NASL", "FEDORA_2019-65C6D11EBA.NASL", "FEDORA_2019-961CDA41F0.NASL", "FEDORA_2019-BE9ADD5B77.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "SLACKWARE_SSA_2019-169-01.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844004", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844008", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310875558", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875560", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310876038", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876089", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891885"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2029"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0236", "PHSA-2019-3.0-0015"]}, {"type": "redhat", "idList": ["RHSA-2019:2029"]}, {"type": "slackware", "idList": ["SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1"]}, {"type": "ubuntu", "idList": ["USN-3979-1", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-3982-1", "USN-3982-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-3882", "UB:CVE-2019-9857"]}]}, "exploitation": null, "vulnersScore": 6.1}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "28", "arch": "any", "packageVersion": "5.0.6", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "kernel-tools"}]}

{"openvas": [{"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "openvas", "title": "Fedora Update for kernel-tools FEDORA-2019-65c6d11eba", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9857", "CVE-2019-3882"], "modified": "2019-04-12T00:00:00", "id": "OPENVAS:1361412562310875558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875558", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875558\");\n script_version(\"2019-04-12T12:30:40+0000\");\n script_cve_id(\"CVE-2019-9857\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-12 12:30:40 +0000 (Fri, 12 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-09 02:08:19 +0000 (Tue, 09 Apr 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-65c6d11eba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-65c6d11eba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXLZ2V2ES37A3J7DMK4MZYIWV2LEZFLM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel-tools' package(s) announced via the FEDORA-2019-65c6d11eba advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the tools/ directory\n from the kernel source and the supporting documentation.\");\n\n script_tag(name:\"affected\", value:\"'kernel-tools' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~5.0.6~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2019-65c6d11eba", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9857", "CVE-2019-3882"], "modified": "2019-04-12T00:00:00", "id": "OPENVAS:1361412562310875560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875560", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875560\");\n script_version(\"2019-04-12T12:30:40+0000\");\n script_cve_id(\"CVE-2019-9857\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-12 12:30:40 +0000 (Fri, 12 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-09 02:09:01 +0000 (Tue, 09 Apr 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-65c6d11eba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-65c6d11eba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAK7AKF6QBGKN6S2KHUOS7GZZLOVKKP2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel-headers' package(s) announced via the FEDORA-2019-65c6d11eba advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files\n that specify the interface between the Linux kernel and userspace libraries\n and programs. The header files define structures and constants that are needed\n for building most standard programs and are also needed for rebuilding the glibc\n package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.0.6~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2019-be9add5b77", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9857", "CVE-2019-3882"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876038", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876038\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-9857\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:32:44 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-be9add5b77\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-be9add5b77\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/632LFCVZD7RJ6Q43JTVI2IHKU6UAS7C6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-be9add5b77 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.0.6~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel-tools FEDORA-2019-be9add5b77", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9857", "CVE-2019-3882"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876089", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876089\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-9857\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:34:11 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-be9add5b77\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-be9add5b77\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJJH2OLMEBCTH43K53BMARSFHMMZNJY\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-tools'\n package(s) announced via the FEDORA-2019-be9add5b77 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the tools/ directory from the kernel source\nand the supporting documentation.\");\n\n script_tag(name:\"affected\", value:\"'kernel-tools' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~5.0.6~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-be9add5b77", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-16862", "CVE-2018-18710", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-3882"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875629", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875629\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:13:29 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-be9add5b77\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-be9add5b77\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PPH3B7FJOMWD5JWUPZKB6T44KNT4PX2L\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-be9add5b77 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.6~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-03T17:17:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-1e8a4c6958", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-16862", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-3882"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310875786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875786", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875786\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:20:26 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-1e8a4c6958\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1e8a4c6958\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AC6QXA5HZRQZCSKQ3DAXVTOUZ7LVWIR7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-1e8a4c6958 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.9~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-94dc902948", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2019-3460", "CVE-2019-3887", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-16862", "CVE-2018-18710", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-3882"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876049", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876049\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\", \"CVE-2019-3887\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:33:00 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-94dc902948\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-94dc902948\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYMWIULFVLIZLQSTPB3O7SQ7GG5E2V2G\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-94dc902948 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.7~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3982-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310844008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844008", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844008\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\",\n \"CVE-2019-3874\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:00 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3982-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3982-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3982-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3982-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did\nnot properly limit DMA mappings. A local attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2019-3882)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1046-kvm\", ver:\"4.4.0-1046.52\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1083-aws\", ver:\"4.4.0-1083.93\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1109-raspi2\", ver:\"4.4.0-1109.117\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1113-snapdragon\", ver:\"4.4.0-1113.118\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-generic\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-generic-lpae\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-lowlatency\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-powerpc-e500mc\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-powerpc-smp\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-powerpc64-emb\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-148-powerpc64-smp\", ver:\"4.4.0-148.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1083.86\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1046.46\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1109.109\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1113.105\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.148.156\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-03T17:15:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-8219efa9f6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-16862", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-9503", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-3882"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310875681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875681", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875681\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:15:39 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-8219efa9f6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8219efa9f6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-8219efa9f6 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.10~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:08:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-e6bf55e821", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-9503", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310876361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876361", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876361\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:13:21 +0000 (Thu, 16 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-e6bf55e821\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e6bf55e821\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLGUIVEF7FAI4UBRC535PO4MX7AGAYRU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-e6bf55e821 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.16~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:24:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3981-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310844009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844009", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844009\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\",\n \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:04 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3981-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3981-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3981-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3981-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did\nnot properly limit DMA mappings. A local attacker co ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1013-oracle\", ver:\"4.15.0-1013.15\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-gcp\", ver:\"4.15.0-1032.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1034-kvm\", ver:\"4.15.0-1034.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-raspi2\", ver:\"4.15.0-1036.38\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1038-oem\", ver:\"4.15.0-1038.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1039-aws\", ver:\"4.15.0-1039.41\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1053-snapdragon\", ver:\"4.15.0-1053.57\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic-lpae\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-lowlatency\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-snapdragon\", ver:\"4.15.0-50.54\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1039.38\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1032.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1034.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1038.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1013.16\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1036.34\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.1053.56\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.50.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:24:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3981-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310844012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844012", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844012\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\",\n \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:13 +0000 (Thu, 16 May 2019)\");\n script_name(\"Ubuntu Update for linux-azure USN-3981-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3981-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3981-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3981-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-azure' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1013-oracle\", ver:\"4.15.0-1013.15~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-gcp\", ver:\"4.15.0-1032.34~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1045-azure\", ver:\"4.15.0-1045.49\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-generic-lpae\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-50-lowlatency\", ver:\"4.15.0-50.54~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1045.49\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1032.46\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1032.46\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1013.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.50.71\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:18:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-8169b57f28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-9503", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-10142", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310876423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876423", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876423\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\", \"CVE-2019-10142\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-26 02:12:30 +0000 (Sun, 26 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-8169b57f28\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8169b57f28\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXS5UYMDASRNQ4TNWENSHWB2UHCWLH5E\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-8169b57f28 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.17~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:09:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-48b34fc991", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-9857", "CVE-2019-8912", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-7221", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310876445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876445", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876445\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-05 02:17:23 +0000 (Wed, 05 Jun 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-48b34fc991\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-48b34fc991\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTCIC2APGWYXPGC5D3KITFOWDQWOCBNG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-48b34fc991 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.19~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:22:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3980-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310844010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844010", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844010\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\",\n \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:03:11 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3980-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.10\");\n\n script_xref(name:\"USN\", value:\"3980-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3980-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3980-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did\nnot properly limit DMA mappings. A local attacker could ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.10.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1011-gcp\", ver:\"4.18.0-1011.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1012-kvm\", ver:\"4.18.0-1012.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1014-raspi2\", ver:\"4.18.0-1014.16\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1016-aws\", ver:\"4.18.0-1016.18\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1018-azure\", ver:\"4.18.0-1018.18\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic-lpae\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-lowlatency\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-snapdragon\", ver:\"4.18.0-20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.18.0.1016.16\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.18.0.1018.19\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.18.0.1011.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.18.0.1011.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.18.0.1012.12\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.18.0.1014.11\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.18.0.20.21\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:23:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3980-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310844006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844006", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844006\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2018-16884\",\n \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\",\n \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:02:48 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux-azure USN-3980-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3980-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3980-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3980-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.\nThis update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu\n18.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local a ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-azure' package(s) on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-1018-azure\", ver:\"4.18.0-1018.18~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-generic-lpae\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-lowlatency\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.18.0-20-snapdragon\", ver:\"4.18.0-20.21~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.18.0.1018.17\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-18.04\", ver:\"4.18.0.20.70\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3979-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2019-3887", "CVE-2019-11683", "CVE-2019-1999", "CVE-2018-12127", "CVE-2019-3874", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310844004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844004", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844004\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2018-12130\", \"CVE-2018-12127\", \"CVE-2018-12126\", \"CVE-2019-11091\",\n \"CVE-2019-11683\", \"CVE-2019-1999\", \"CVE-2019-3874\", \"CVE-2019-3882\",\n \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:02:39 +0000 (Wed, 15 May 2019)\");\n script_name(\"Ubuntu Update for linux USN-3979-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU19\\.04\");\n\n script_xref(name:\"USN\", value:\"3979-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3979-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3979-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that the IPv4 generic receive offload (GRO) for UDP\nimplementation in the Linux kernel did not properly handle padded packets.\nA remote attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-11683)\n\nIt was discovered that a race condition existed in the Binder IPC driver\nfor the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2019-1999)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups\nsubsystem of the Linux kernel did not properly account for SCTP socket\nbuffers. A local attacker could use this to cause a denial of service\n(sys ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 19.04.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-aws\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-azure\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-gcp\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1006-kvm\", ver:\"5.0.0-1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1008-raspi2\", ver:\"5.0.0-1008.8\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-generic\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-generic-lpae\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-15-lowlatency\", ver:\"5.0.0-15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"5.0.0.1006.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"5.0.0.1008.5\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"5.0.0.15.16\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:47:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1404-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2019-9003", "CVE-2018-12127", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-11486", "CVE-2019-11815", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852503", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852503\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16880\",\n \"CVE-2019-11091\", \"CVE-2019-11486\", \"CVE-2019-11815\", \"CVE-2019-11884\",\n \"CVE-2019-3882\", \"CVE-2019-9003\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:00:49 +0000 (Fri, 17 May 2019)\");\n script_name(\"openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1404-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1404-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux Kernel'\n package(s) announced via the openSUSE-SU-2019:1404-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n This kernel update contains software mitigations for these issues, which\n also utilize CPU microcode updates shipped in parallel.\n\n The following security bugs were fixed:\n\n - CVE-2018-16880: A flaw was found in handle_rx() function in the\n vhost_net driver. A malicious virtual guest, under specific conditions,\n can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host\n which may lead to a kernel memory corruption and a system panic. Due to\n the nature of the flaw, privilege escalation cannot be fully ruled out.\n (bnc#1122767).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has\n been disabled.\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c. There is a race condition leading to a use-after-free,\n related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n command, because a name field may not end with a '\\0' character\n (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in vfio interface implementation that\n permits violation of the user's locked memory limit. If a device is\n bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system\n memory exhaustion and thus a denial of service (DoS). (bnc#1131416\n bnc#1131427).\n\n - CVE-2019-9003: Attackers can trigger a\n drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging\n for certain simultaneous execution of the code, as demonstrated by a\n 'service ipmievd restart' loop (bnc#1126704).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results\n was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'the' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp150.12.61.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-12T15:12:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1479-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11085", "CVE-2018-7191", "CVE-2019-11884", "CVE-2019-9500", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-5489", "CVE-2013-4343", "CVE-2019-3882"], "modified": "2020-05-11T00:00:00", "id": "OPENVAS:1361412562310852870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852870", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852870\");\n script_version(\"2020-05-11T07:05:27+0000\");\n script_cve_id(\"CVE-2018-7191\", \"CVE-2019-11085\", \"CVE-2019-11486\", \"CVE-2019-11811\",\n \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\",\n \"CVE-2019-5489\", \"CVE-2019-9500\", \"CVE-2019-9503\", \"CVE-2013-4343\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-11 07:05:27 +0000 (Mon, 11 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:39:22 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1479-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1479-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux Kernel'\n package(s) announced via the openSUSE-SU-2019:1479-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called\n before register_netdevice. This allowed local users to cause a denial of\n service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF)\n call with a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux may have allowed an authenticated user\n to potentially enable escalation of privilege via local access\n (bnc#1135278).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions\n (bnc#1133188). It was disabled by default.\n\n - CVE-2019-11811: There is a use-after-free upon attempted read access to\n /proc/ioports after the ipmi_si module is removed, related to\n drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,\n and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c kernel. There is a race condition leading to a\n use-after-free, related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory\n region in the extent tree block, which might allow local users to obtain\n sensitive information by reading uninitialized data in the filesystem\n (bnc#1135281).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n command, because a name field may not end with a '\\0' character\n (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in the vfio interface implementation\n that permits violation of the user's locked memory limit. If a device is\n bound to a vfio driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may cause a system\n memory exhaustion and thus a denial of service (DoS). (bnc#1131416\n bnc#1131427).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed\n local attackers to observe page cache access patterns of other processes\n on the same system, potentially allowing sniffing of secret information.\n (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'the' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp151.28.4.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-14T12:42:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-13T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-83858fc57b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-06-13T00:00:00", "id": "OPENVAS:1361412562310876479", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876479", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876479\");\n script_version(\"2019-06-13T11:51:34+0000\");\n script_cve_id(\"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-13 11:51:34 +0000 (Thu, 13 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-13 02:12:41 +0000 (Thu, 13 Jun 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-83858fc57b\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-83858fc57b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EAFK7XXRLGTEHFOCLGPE6P7MFDZ7KMF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-83858fc57b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.1.8~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:04", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3837", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19406", "CVE-2019-8956", "CVE-2019-3901", "CVE-2019-3459", "CVE-2019-9213", "CVE-2019-11815", "CVE-2018-16880", "CVE-2019-3819", "CVE-2013-7470", "CVE-2019-3882", "CVE-2018-19985"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191636", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1636\");\n script_version(\"2020-01-23T14:23:06+0000\");\n script_cve_id(\"CVE-2013-7470\", \"CVE-2018-16880\", \"CVE-2018-19406\", \"CVE-2018-19985\", \"CVE-2019-11815\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3819\", \"CVE-2019-3837\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-3901\", \"CVE-2019-8956\", \"CVE-2019-9213\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:23:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:18:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1636)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1636\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1636\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1636 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.(CVE-2019-11815)\n\nA flaw was found in the Linux kernel's handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16880)\n\nA NULL pointer dereference security flaw was found in the Linux kernel in kvm_pv_send_ipi() in arch/x86/kvm/lapic.c. This allows local users with certain privileges to cause a denial of service via a crafted system call to the KVM subsystem.(CVE-2018-19406)\n\nThe function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.(CVE-2018-19985)\n\nA heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.(CVE-2019-3459)\n\nA heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.(CVE-2019-3460)\n\nA flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service.(CVE-2019-3819)\n\nIn the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.(CVE-2019-9213)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)\n\nAn inf ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~1.2.159\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:24:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-15T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux-4.9 (DLA-1885-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3900", "CVE-2019-14284", "CVE-2019-10639", "CVE-2019-13648", "CVE-2018-5995", "CVE-2019-13631", "CVE-2019-10207", "CVE-2019-10638", "CVE-2018-20856", "CVE-2017-18509", "CVE-2019-3882", "CVE-2019-1125", "CVE-2018-20836", "CVE-2019-14283"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891885", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891885\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-18509\", \"CVE-2018-20836\", \"CVE-2018-20856\", \"CVE-2018-5995\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-1125\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3882\", \"CVE-2019-3900\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-15 02:00:08 +0000 (Thu, 15 Aug 2019)\");\n script_name(\"Debian LTS: Security Advisory for linux-4.9 (DLA-1885-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1885-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-4.9'\n package(s) announced via the DLA-1885-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-18509\n\nDenis Andzakovic reported a missing type check in the IPv4 multicast\nrouting implementation. A user with the CAP_NET_ADMIN capability (in\nany user namespace) could use this for denial-of-service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2018-5995\n\nADLab of VenusTech discovered that the kernel logged the virtual\naddresses assigned to per-CPU data, which could make it easier to\nexploit other vulnerabilities.\n\nCVE-2018-20836\n\nchenxiang reported a race condition in libsas, the kernel\nsubsystem supporting Serial Attached SCSI (SAS) devices, which\ncould lead to a use-after-free. It is not clear how this might be\nexploited.\n\nCVE-2018-20856\n\nXiao Jin reported a potential double-free in the block subsystem,\nin case an error occurs while initialising the I/O scheduler for a\nblock device. It is not clear how this might be exploited.\n\nCVE-2019-1125\n\nIt was discovered that most x86 processors could speculatively\nskip a conditional SWAPGS instruction used when entering the\nkernel from user mode, and/or could speculatively execute it when\nit should be skipped. This is a subtype of Spectre variant 1,\nwhich could allow local users to obtain sensitive information from\nthe kernel or other processes. It has been mitigated by using\nmemory barriers to limit speculative execution. Systems using an\ni386 kernel are not affected as the kernel does not use SWAPGS.\n\nCVE-2019-3882\n\nIt was found that the vfio implementation did not limit the number\nof DMA mappings to device memory. A local user granted ownership\nof a vfio device could use this to cause a denial of service\n(out-of-memory condition).\n\nCVE-2019-3900\n\nIt was discovered that vhost drivers did not properly control the\namount of work done to service requests from guest VMs. A\nmalicious guest could use this to cause a denial-of-service\n(unbounded CPU usage) on the host.\n\nCVE-2019-10207\n\nThe syzkaller tool found a potential null dereference in various\ndrivers for UART-attached Bluetooth adapters. A local user with\naccess to a pty device or other suitable tty device could use this\nfor denial-of-service (BUG/oops).\n\nCVE-2019-10638\n\nAmit Klein and Benny Pinkas discovered that the generation of IP\npacket IDs used a weak hash function, 'jhash'. This could enable\ntracking individual computers as they communicate with different\nremote servers and from different networks. The 'siphash'\nfunction is now used instead.\n\nCVE-2019-10639\n\nAmit Klein and Benny Pinkas discovered that the generation of IP\npacket ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-4.9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.168-1+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-arm\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armel\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-i386\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common-rt\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armel\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armhf\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-i386\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common-rt\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-all\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-all-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-all-armel\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-all-armhf\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-all-i386\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-common\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-common-rt\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.9-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-686\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-armmp\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-armmp-lpae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-marvell\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-rt-686-pae\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-rt-amd64\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.9-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.7\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.8\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.9\", ver:\"4.9.168-1+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:53:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1407-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-10853", "CVE-2018-12127", "CVE-2019-11884", "CVE-2018-15594", "CVE-2018-5814", "CVE-2019-9503", "CVE-2018-1000204", "CVE-2018-17972", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852506", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852506\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-1000204\", \"CVE-2018-10853\", \"CVE-2018-12126\", \"CVE-2018-12127\",\n \"CVE-2018-12130\", \"CVE-2018-15594\", \"CVE-2018-17972\", \"CVE-2018-5814\",\n \"CVE-2019-11091\", \"CVE-2019-11486\", \"CVE-2019-11815\", \"CVE-2019-11884\",\n \"CVE-2019-3882\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-21 02:00:50 +0000 (Tue, 21 May 2019)\");\n script_name(\"openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1407-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1407-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux Kernel'\n package(s) announced via the openSUSE-SU-2019:1407-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various\n security and bugfixes.\n\n Four new speculative execution information leak issues have been\n identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n (MDSUM)\n\n This kernel update contains software mitigations for these issues, which\n also utilize CPU microcode updates shipped in parallel.\n\n The following security bugs were fixed:\n\n - CVE-2018-5814: Multiple race condition errors when handling probe,\n disconnect, and rebind operations can be exploited to trigger a\n use-after-free condition or a NULL pointer dereference by sending\n multiple USB over IP packets (bnc#1096480).\n\n - CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor\n emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check\n current privilege(CPL) level while emulating unprivileged instructions.\n An unprivileged guest user/process could use this flaw to potentially\n escalate privileges inside guest (bnc#1097104).\n\n - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel\n mishandled certain indirect calls, which made it easier for attackers to\n conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348\n 1119974).\n\n - CVE-2018-17972: An issue was discovered in the proc_pid_stack function\n in fs/proc/base.c that did not ensure that only root may inspect the\n kernel stack of an arbitrary task, allowing a local attacker to exploit\n racy stack unwinding and leak kernel task stack contents (bnc#1110785).\n\n - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the\n SG_IO ioctl (bsc#1096728)\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has\n been disabled.\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in\n net/rds/tcp.c, a race condition leading to a use-after-free was fixed,\n related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain potentially\n sensitive information from kernel stack memory via a HIDPCONNADD\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'the' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.179~99.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-21T12:42:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-914542e05c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-06-20T00:00:00", "id": "OPENVAS:1361412562310876510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876510", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876510\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:13:53 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-914542e05c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-914542e05c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRWLZV3MP4PZKCRKPI3VCYBUHCUU75IT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-914542e05c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.1.11~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:30:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-01T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-1799-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2019-3460", "CVE-2019-11190", "CVE-2019-6133", "CVE-2018-5995", "CVE-2018-12127", "CVE-2019-9503", "CVE-2019-11599", "CVE-2019-3901", "CVE-2019-3459", "CVE-2019-11486", "CVE-2019-2024", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310891799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891799", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891799\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-5995\", \"CVE-2019-11091\", \"CVE-2019-11190\", \"CVE-2019-11486\", \"CVE-2019-11599\", \"CVE-2019-2024\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3882\", \"CVE-2019-3901\", \"CVE-2019-6133\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-01 09:22:29 +0000 (Sat, 01 Jun 2019)\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-1799-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1799-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/927781\");\n script_xref(name:\"URL\", value:\"https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the DLA-1799-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-5995\n\nADLab of VenusTech discovered that the kernel logged the virtual\naddresses assigned to per-CPU data, which could make it easier to\nexploit other vulnerabilities.\n\nCVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091\n\nMultiple researchers have discovered vulnerabilities in the way\nthat Intel processor designs implement speculative forwarding of\ndata filled into temporary microarchitectural structures\n(buffers). This flaw could allow an attacker controlling an\nunprivileged process to read sensitive information, including from\nthe kernel and all other processes running on the system, or\nacross guest/host boundaries to read host memory.\n\nSee the references for more details.\n\nTo fully resolve these vulnerabilities it is also necessary to\ninstall updated CPU microcode. An updated intel-microcode package\n(only available in Debian non-free) was provided via DLA-1789-1.\nThe updated CPU microcode may also be available as part of a\nsystem firmware ('BIOS') update.\n\nCVE-2019-2024\n\nA use-after-free bug was discovered in the em28xx video capture\ndriver. Local users might be able to use this for denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nCVE-2019-3459, CVE-2019-3460\n\nShlomi Oberman, Yuli Shapiro, and Karamba Security Ltd. research\nteam discovered missing range checks in the Bluetooth L2CAP\nimplementation. If Bluetooth is enabled, a nearby attacker\ncould use these to read sensitive information from the kernel.\n\nCVE-2019-3882\n\nIt was found that the vfio implementation did not limit the number\nof DMA mappings to device memory. A local user granted ownership\nof a vfio device could use this to cause a denial of service\n(out-of-memory condition).\n\nCVE-2019-3901\n\nJann Horn of Google reported a race condition that would allow a\nlocal user to read performance events from a task after it\nexecutes a setuid program. This could leak sensitive information\nprocessed by setuid programs. Debian's kernel configuration does\nnot allow unprivileged users to access performance events by\ndefault, which fully mitigates this issue.\n\nCVE-2019-6133\n\nJann Horn of Google found that Policykit's authentication check\ncould be bypassed by a local user creating a process with the same\nstart time and process ID as an older authenticated process.\nPolicyKit was already updated to fix this in DLA-1644-1. The\nkernel has additionally been updated to avoid a delay between\nassigning start time and process ID, which should make the attack\nimpractical.\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.16.68-1. This version also includes a fix for Debian bug #927781,\nand other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-7-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-8-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-all\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-all-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-all-armel\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-all-armhf\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-all-i386\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-common\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-9-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-7-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-8-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-586\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-686-pae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-686-pae-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-amd64-dbg\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-armmp\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-armmp-lpae\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-ixp4xx\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-kirkwood\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-orion5x\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-9-versatile\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-7\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-8\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-9\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-7-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-8-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-9-amd64\", ver:\"3.16.68-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-26T11:49:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-20T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-a95015e60f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-13272", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-07-25T00:00:00", "id": "OPENVAS:1361412562310876586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876586", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876586\");\n script_version(\"2019-07-25T11:54:35+0000\");\n script_cve_id(\"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2019-13272\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-25 11:54:35 +0000 (Thu, 25 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-20 02:14:42 +0000 (Sat, 20 Jul 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-a95015e60f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a95015e60f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-a95015e60f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.1.18~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-09T12:37:26", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-07-31T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-3dbfaeac73", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-08-08T00:00:00", "id": "OPENVAS:1361412562310876621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876621", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876621\");\n script_version(\"2019-08-08T09:10:13+0000\");\n script_cve_id(\"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\",\n \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\",\n \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\",\n \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\",\n \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\",\n \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\",\n \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\",\n \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\",\n \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\",\n \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-08 09:10:13 +0000 (Thu, 08 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-31 02:21:55 +0000 (Wed, 31 Jul 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-3dbfaeac73\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3dbfaeac73\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ5BQKTI24DPSVKPOIMMGDTFKCF6ASXT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel' package(s) announced via the FEDORA-2019-3dbfaeac73 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.1.20~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-05T18:44:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-69c132b061", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310876555", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876555", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876555\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-04 02:12:47 +0000 (Thu, 04 Jul 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-69c132b061\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-69c132b061\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTLN3KQYEEWWAJYA4BUYYDMWWXCJQNV2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-69c132b061 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.1.15~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-16T14:45:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4497-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8553", "CVE-2019-3900", "CVE-2019-14284", "CVE-2019-10639", "CVE-2019-13648", "CVE-2018-5995", "CVE-2019-13631", "CVE-2019-10207", "CVE-2019-10638", "CVE-2018-20856", "CVE-2017-18509", "CVE-2015-2150", "CVE-2019-3882", "CVE-2019-1125", "CVE-2018-20836", "CVE-2019-14283"], "modified": "2019-08-16T00:00:00", "id": "OPENVAS:1361412562310704497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704497", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704497\");\n script_version(\"2019-08-16T08:19:10+0000\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-8553\", \"CVE-2017-18509\", \"CVE-2018-20836\", \"CVE-2018-20856\", \"CVE-2018-5995\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-1125\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-3882\", \"CVE-2019-3900\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-16 08:19:10 +0000 (Fri, 16 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 02:01:31 +0000 (Wed, 14 Aug 2019)\");\n script_name(\"Debian Security Advisory DSA 4497-1 (linux - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4497.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4497-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the DSA-4497-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-8553Jan Beulich discovered that CVE-2015-2150\nwas not completely\naddressed. If a PCI physical function is passed through to a\nXen guest, the guest is able to access its memory and I/O\nregions before enabling decoding of those regions. This could\nresult in a denial-of-service (unexpected NMI) on the host.\n\nThe fix for this is incompatible with qemu versions before 2.5.\n\nCVE-2017-18509\nDenis Andzakovic reported a missing type check in the IPv4 multicast\nrouting implementation. A user with the CAP_NET_ADMIN capability (in\nany user namespace) could use this for denial-of-service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2018-5995\nADLab of VenusTech discovered that the kernel logged the virtual\naddresses assigned to per-CPU data, which could make it easier to\nexploit other vulnerabilities.\n\nCVE-2018-20836\nchenxiang reported a race condition in libsas, the kernel\nsubsystem supporting Serial Attached SCSI (SAS) devices, which\ncould lead to a use-after-free. It is not clear how this might be\nexploited.\n\nCVE-2018-20856\nXiao Jin reported a potential double-free in the block subsystem,\nin case an error occurs while initialising the I/O scheduler for a\nblock device. It is not clear how this might be exploited.\n\nCVE-2019-1125\nIt was discovered that most x86 processors could speculatively\nskip a conditional SWAPGS instruction used when entering the\nkernel from user mode, and/or could speculatively execute it when\nit should be skipped. This is a subtype of Spectre variant 1,\nwhich could allow local users to obtain sensitive information from\nthe kernel or other processes. It has been mitigated by using\nmemory barriers to limit speculative execution. Systems using an\ni386 kernel are not affected as the kernel does not use SWAPGS.\n\nCVE-2019-3882\nIt was found that the vfio implementation did not limit the number\nof DMA mappings to device memory. A local user granted ownership\nof a vfio device could use this to cause a denial of service\n(out-of-memory condition).\n\nCVE-2019-3900\nIt was discovered that vhost drivers did not properly control the\namount of work done to service requests from guest VMs. A\nmalicious guest could use this to cause a denial-of-service\n(unbounded CPU usage) on the host.\n\nCVE-2019-10207\nThe syzkaller tool found a potential null dereference in various\ndrivers for UART-attached Bluetooth adapters. A local user with\naccess to a pty device or other suitable tty device could use this\nfor denial-of-service (BUG/oops).\n\nCVE-20 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.168-1+deb9u5.\n\nFor the stable distribution (buster), these problems were mostly fixed\nin version 4.19.37-5+deb10u2 or earlier.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-armel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-armhf\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-i386\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mips\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mips64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-mipsel\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-ppc64el\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-all-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-common\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-common-rt\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-9-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-4kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-4kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-5kc-malta\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-5kc-malta-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-arm64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-arm64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-lpae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-armmp-lpae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-loongson-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-loongson-3-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-marvell\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-marvell-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-octeon\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-octeon-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-powerpc64le\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-powerpc64le-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-686-pae\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-686-pae-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-amd64\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-rt-amd64-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-s390x\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-9-s390x-dbg\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-4\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-5\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-6\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-7\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-8\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-9\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.168-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-23T14:52:41", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-19T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15538", "CVE-2019-15807", "CVE-2019-12378", "CVE-2019-19062", "CVE-2018-7191", "CVE-2019-15921", "CVE-2018-16871", "CVE-2019-12381", "CVE-2019-18805", "CVE-2018-16884", "CVE-2018-20856", "CVE-2018-20976", "CVE-2019-14821", "CVE-2019-16994", "CVE-2013-4343", "CVE-2017-5897", "CVE-2019-3882"], "modified": "2020-03-19T00:00:00", "id": "OPENVAS:1361412562311220201269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201269", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1269\");\n script_version(\"2020-03-19T13:43:06+0000\");\n script_cve_id(\"CVE-2017-5897\", \"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2018-20856\", \"CVE-2018-20976\", \"CVE-2018-7191\", \"CVE-2019-12378\", \"CVE-2019-12381\", \"CVE-2019-14821\", \"CVE-2019-15538\", \"CVE-2019-15807\", \"CVE-2019-15921\", \"CVE-2019-16994\", \"CVE-2019-18805\", \"CVE-2019-19062\", \"CVE-2019-3882\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-19 13:43:06 +0000 (Thu, 19 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-19 13:43:06 +0000 (Thu, 19 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1269)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1269\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1269\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1269 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.(CVE-2018-7191)\n\nA memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\nAn issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)\n\nIn the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn-fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.(CVE-2019-16994)\n\nAn issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.(CVE-2019-15921)\n\nIn the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)\n\nAn issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.(CVE-2019-15538)\n\nAn out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)\n\n** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_72\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:11", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-ce2933b003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-13053", "CVE-2018-1108", "CVE-2018-12633", "CVE-2019-3460", "CVE-2019-3887", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2018-19824", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-19406", "CVE-2018-10853", "CVE-2019-8980", "CVE-2019-9857", "CVE-2018-13093", "CVE-2018-17182", "CVE-2019-8912", "CVE-2018-14734", "CVE-2018-16862", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-18710", "CVE-2018-3620", "CVE-2019-7221", "CVE-2018-10322", "CVE-2018-15471", "CVE-2019-3701", "CVE-2018-10323", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-14678", "CVE-2018-19407", "CVE-2018-14633", "CVE-2018-16880", "CVE-2018-3639", "CVE-2019-3882", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-04-19T00:00:00", "id": "OPENVAS:1361412562310875566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875566", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875566\");\n script_version(\"2019-04-19T05:29:08+0000\");\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\",\n \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\",\n \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19406\",\n \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\",\n \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2019-3887\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-19 05:29:08 +0000 (Fri, 19 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-17 02:11:41 +0000 (Wed, 17 Apr 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-ce2933b003\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-ce2933b003\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URA4E6PUR6HLD2KUVOF5NNDAR7YUTO26\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel' package(s) announced via the FEDORA-2019-ce2933b003 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.7~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-15T14:36:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-6bda4c81f4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2019-1125", "CVE-2018-12130"], "modified": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310876666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876666", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876666\");\n script_version(\"2019-08-14T07:16:43+0000\");\n script_cve_id(\"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2019-1125\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-14 07:16:43 +0000 (Wed, 14 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-12 02:26:16 +0000 (Mon, 12 Aug 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-6bda4c81f4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6bda4c81f4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUM3R7FIE5MZCMLQGAJKYDO652PHZCCU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-6bda4c81f4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.2.7~100.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:17", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-65c6d11eba", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-13053", "CVE-2018-1108", "CVE-2018-12633", "CVE-2019-3460", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2018-19824", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-19406", "CVE-2018-10853", "CVE-2019-8980", "CVE-2019-9857", "CVE-2018-13093", "CVE-2018-17182", "CVE-2019-8912", "CVE-2018-14734", "CVE-2018-16862", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-18710", "CVE-2018-3620", "CVE-2019-7221", "CVE-2018-10322", "CVE-2018-15471", "CVE-2019-3701", "CVE-2018-10323", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-14678", "CVE-2018-19407", "CVE-2018-14633", "CVE-2018-16880", "CVE-2018-3639", "CVE-2019-3882", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-04-12T00:00:00", "id": "OPENVAS:1361412562310875559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875559", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875559\");\n script_version(\"2019-04-12T12:30:40+0000\");\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\",\n \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\",\n \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19406\",\n \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\",\n \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-12 12:30:40 +0000 (Fri, 12 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-09 02:08:21 +0000 (Tue, 09 Apr 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-65c6d11eba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-65c6d11eba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2CCTWJO62IXCZREMJLQCQN55W7UN44B\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel' package(s) announced via the FEDORA-2019-65c6d11eba advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.6~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-29T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-1b986880ea", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-13053", "CVE-2018-1108", "CVE-2018-12633", "CVE-2019-3460", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2018-19824", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-19406", "CVE-2018-10853", "CVE-2019-8980", "CVE-2019-9857", "CVE-2018-13093", "CVE-2018-17182", "CVE-2019-8912", "CVE-2018-14734", "CVE-2018-16862", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2019-9500", "CVE-2018-18710", "CVE-2018-3620", "CVE-2019-7221", "CVE-2018-10322", "CVE-2018-15471", "CVE-2019-3701", "CVE-2018-10323", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-14678", "CVE-2018-19407", "CVE-2018-14633", "CVE-2018-16880", "CVE-2018-3639", "CVE-2019-3882", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-04-30T00:00:00", "id": "OPENVAS:1361412562310875577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875577", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875577\");\n script_version(\"2019-04-30T06:40:08+0000\");\n script_cve_id(\"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19406\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-30 06:40:08 +0000 (Tue, 30 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-29 02:12:19 +0000 (Mon, 29 Apr 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-1b986880ea\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1b986880ea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZPZFJALW3NA4HGWNR4X2C3CWXDIWG3M\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-1b986880ea advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.9~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:35:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1535)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4692", "CVE-2015-4177", "CVE-2016-9793", "CVE-2018-5333", "CVE-2014-1737", "CVE-2013-2929", "CVE-2013-7348", "CVE-2014-1738", "CVE-2019-9857", "CVE-2016-1583", "CVE-2013-6382", "CVE-2016-2064", "CVE-2016-5829", "CVE-2017-9986", "CVE-2016-3140", "CVE-2013-7271", "CVE-2016-7912", "CVE-2017-7487", "CVE-2014-8172", "CVE-2015-4167", "CVE-2017-16645"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191535", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1535\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6382\", \"CVE-2013-7271\", \"CVE-2013-7348\", \"CVE-2014-1738\", \"CVE-2014-8172\", \"CVE-2015-4167\", \"CVE-2015-4177\", \"CVE-2015-4692\", \"CVE-2016-1583\", \"CVE-2016-2064\", \"CVE-2016-3140\", \"CVE-2016-5829\", \"CVE-2016-7912\", \"CVE-2016-9793\", \"CVE-2017-16645\", \"CVE-2017-7487\", \"CVE-2017-9986\", \"CVE-2018-5333\", \"CVE-2019-9857\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:07:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1535)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1535\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1535\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1535 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645)\n\nIt was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system.(CVE-2014-8172)\n\nA flaw was discovered in the kernel's collect_mounts function. If the kernel's audit subsystem called collect_mounts to audit an unmounted path, it could panic the system. With this flaw, an unprivileged user could call umount(MNT_DETACH) to launch a denial-of-service attack.(CVE-2015-4177)\n\nA flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.(CVE-2014-1738)\n\nA reference counter leak in Linux kernel in ipxitf_ioctl function was found which results in a use after free vulnerability that's triggerable from unprivileged userspace when IPX interface is configured.(CVE-2017-7487)\n\nThe x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7271)\n\nAn inode data validation error was found in Linux kernels built with UDF file system (CONFIG_UDF_FS) support. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2015-4167)\n\nDouble free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other imp ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-a6cd583a8d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-13053", "CVE-2018-1108", "CVE-2019-3900", "CVE-2018-12633", "CVE-2019-3460", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2018-19824", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-19406", "CVE-2018-10853", "CVE-2019-8980", "CVE-2019-9857", "CVE-2018-13093", "CVE-2018-17182", "CVE-2019-8912", "CVE-2018-14734", "CVE-2018-16862", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-9503", "CVE-2018-3620", "CVE-2019-7221", "CVE-2018-10322", "CVE-2018-15471", "CVE-2019-3701", "CVE-2018-10323", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-14678", "CVE-2018-19407", "CVE-2018-14633", "CVE-2018-16880", "CVE-2018-3639", "CVE-2019-3882", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876322", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876322\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19406\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-08 02:10:09 +0000 (Wed, 08 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-a6cd583a8d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a6cd583a8d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-a6cd583a8d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.11~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-06T18:49:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-97380355ae", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14815", "CVE-2019-7222", "CVE-2019-14816", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-15538", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-15505", "CVE-2019-15504", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-14814", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876750", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876750\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-15504\", \"CVE-2019-15505\", \"CVE-2019-15538\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:25:58 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-97380355ae\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-97380355ae\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KLNV46Z4ACM4EIPHNHFAS4JA7KJTZCU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-97380355ae advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.2.11~100.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-04T18:40:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-a570a92d5a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14815", "CVE-2019-7222", "CVE-2019-14816", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-15538", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-15505", "CVE-2019-15504", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-14835", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2019-14821", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-14814", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12130"], "modified": "2019-10-04T00:00:00", "id": "OPENVAS:1361412562310876869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876869", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876869\");\n script_version(\"2019-10-04T07:25:00+0000\");\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15504\", \"CVE-2019-15505\", \"CVE-2019-15538\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2019-14835\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-04 07:25:00 +0000 (Fri, 04 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-04 02:28:18 +0000 (Fri, 04 Oct 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-a570a92d5a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a570a92d5a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBXNWMXIROSEFMQSTSXPJBIYMFZLH2XY\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-a570a92d5a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.2.17~100.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-c36afa818c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7222", "CVE-2018-13053", "CVE-2018-1108", "CVE-2018-12126", "CVE-2019-3900", "CVE-2018-12633", "CVE-2019-3460", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2018-19824", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-19406", "CVE-2018-10853", "CVE-2019-8980", "CVE-2019-9857", "CVE-2018-13093", "CVE-2018-17182", "CVE-2019-8912", "CVE-2018-14734", "CVE-2018-12127", "CVE-2018-16862", "CVE-2019-11884", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2019-9500", "CVE-2018-18710", "CVE-2019-9503", "CVE-2018-3620", "CVE-2019-7221", "CVE-2018-10322", "CVE-2018-15471", "CVE-2019-3701", "CVE-2018-10323", "CVE-2019-6974", "CVE-2019-3459", "CVE-2018-14678", "CVE-2018-19407", "CVE-2018-14633", "CVE-2018-16880", "CVE-2018-3639", "CVE-2019-11091", "CVE-2019-3882", "CVE-2018-12896", "CVE-2018-12130", "CVE-2018-13094"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310876377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876377", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876377\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19406\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-17 02:12:30 +0000 (Fri, 17 May 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-c36afa818c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c36afa818c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPWHQHNM2MSGO3FDJVIQXQNKYVR7TV45\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-c36afa818c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.0.16~100.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-06T12:10:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-41e28660ae", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14815", "CVE-2019-7222", "CVE-2019-14816", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-15538", "CVE-2019-3460", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-15505", "CVE-2019-15504", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-17055", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-17054", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-3459", "CVE-2019-17052", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2019-14821", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-14814", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2019-17053", "CVE-2018-12130", "CVE-2019-17056"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876943", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876943\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-14821\", \"CVE-2019-15504\", \"CVE-2019-15505\", \"CVE-2019-15538\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:48 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-41e28660ae\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-41e28660ae\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OQRYOJ367BYNOXYMBEMNEJQCGGW2EC7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-41e28660ae advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.3.6~100.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-03T17:12:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2019-7a3fc17778", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14815", "CVE-2019-7222", "CVE-2019-14816", "CVE-2018-12126", "CVE-2019-3900", "CVE-2019-0117", "CVE-2019-15538", "CVE-2019-3460", "CVE-2019-17666", "CVE-2018-19824", "CVE-2019-11478", "CVE-2019-15505", "CVE-2019-15504", "CVE-2019-8980", "CVE-2019-12378", "CVE-2019-17055", "CVE-2019-0155", "CVE-2019-9857", "CVE-2019-12380", "CVE-2019-17054", "CVE-2018-12207", "CVE-2019-8912", "CVE-2019-12455", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-12379", "CVE-2019-11833", "CVE-2019-9503", "CVE-2019-12456", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-7221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-6974", "CVE-2019-0154", "CVE-2019-3459", "CVE-2019-17052", "CVE-2018-19407", "CVE-2019-12454", "CVE-2019-12382", "CVE-2019-14821", "CVE-2018-16880", "CVE-2019-3846", "CVE-2019-14814", "CVE-2019-10126", "CVE-2019-11479", "CVE-2019-11091", "CVE-2019-3882", "CVE-2019-17053", "CVE-2018-12130", "CVE-2019-17056"], "modified": "2020-02-03T00:00:00", "id": "OPENVAS:1361412562310876995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876995", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876995\");\n script_version(\"2020-02-03T08:05:42+0000\");\n script_cve_id(\"CVE-2019-11135\", \"CVE-2018-12207\", \"CVE-2019-0154\", \"CVE-2019-0155\", \"CVE-2019-17666\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-14821\", \"CVE-2019-15504\", \"CVE-2019-15505\", \"CVE-2019-15538\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-13631\", \"CVE-2019-12817\", \"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\", \"CVE-2019-10126\", \"CVE-2019-12614\", \"CVE-2019-12456\", \"CVE-2019-12455\", \"CVE-2019-12454\", \"CVE-2019-12378\", \"CVE-2019-3846\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12379\", \"CVE-2019-11833\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11884\", \"CVE-2019-3900\", \"CVE-2019-9503\", \"CVE-2019-9500\", \"CVE-2019-3882\", \"CVE-2019-9857\", \"CVE-2019-8980\", \"CVE-2019-8912\", \"CVE-2019-7221\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2018-16880\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2018-19824\", \"CVE-2018-16862\", \"CVE-2018-19407\", \"CVE-2019-0117\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 08:05:42 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-14 03:29:25 +0000 (Thu, 14 Nov 2019)\");\n script_name(\"Fedora Update for kernel FEDORA-2019-7a3fc17778\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7a3fc17778\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FTRJEQBHRQDOXJQRWADYWVUPJL4B4CG7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2019-7a3fc17778 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel meta package\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~5.3.11~100.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-30T16:58:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-12T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1186)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15219", "CVE-2019-15218", "CVE-2019-3900", "CVE-2019-15538", "CVE-2013-2206", "CVE-2019-15807", "CVE-2019-15666", "CVE-2019-15211", "CVE-2019-12378", "CVE-2019-15118", "CVE-2019-12380", "CVE-2019-13272", "CVE-2019-12455", "CVE-2019-13631", "CVE-2019-15220", "CVE-2019-15920", "CVE-2019-12381", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-12456", "CVE-2019-11599", "CVE-2019-18805", "CVE-2019-9455", "CVE-2019-8956", "CVE-2019-15221", "CVE-2019-12614", "CVE-2019-3701", "CVE-2019-15292", "CVE-2019-11487", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-15214", "CVE-2019-12382", "CVE-2019-15925", "CVE-2018-16880", "CVE-2019-3846", "CVE-2013-6282", "CVE-2019-5489", "CVE-2019-15919", "CVE-2012-3400", "CVE-2019-13233", "CVE-2019-12615", "CVE-2019-3819", "CVE-2019-3882", "CVE-2013-2164", "CVE-2019-16413", "CVE-2018-20836", "CVE-2019-15917", "CVE-2019-14283"], "modified": "2020-03-26T00:00:00", "id": "OPENVAS:1361412562311220201186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201186", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1186\");\n script_version(\"2020-03-26T11:51:34+0000\");\n script_cve_id(\"CVE-2012-3400\", \"CVE-2013-2164\", \"CVE-2013-2206\", \"CVE-2013-6282\", \"CVE-2018-16880\", \"CVE-2018-20836\", \"CVE-2019-11486\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11811\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-12378\", \"CVE-2019-12380\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12455\", \"CVE-2019-12456\", \"CVE-2019-12614\", \"CVE-2019-12615\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-13631\", \"CVE-2019-14283\", \"CVE-2019-15118\", \"CVE-2019-15211\", \"CVE-2019-15214\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15807\", \"CVE-2019-15917\", \"CVE-2019-15919\", \"CVE-2019-15920\", \"CVE-2019-15925\", \"CVE-2019-16413\", \"CVE-2019-18805\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3846\", \"CVE-2019-3882\", \"CVE-2019-3900\", \"CVE-2019-5489\", \"CVE-2019-8956\", \"CVE-2019-9455\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 11:51:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-12 10:47:45 +0000 (Thu, 12 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1186)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1186\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1186\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1186 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)\n\nThe mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)\n\nThe sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)\n\nThe (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)\n\nAn issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)\n\nThe Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)\n\nThe Linux kernel before 5.1-rc5 allows page-_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)\n\nThe coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)\n\nAn issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-perf\", rpm:\"python3-perf~4.19.36~vhulk1907.1.0.h361.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2274)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15219", "CVE-2017-7472", "CVE-2019-14815", "CVE-2019-15098", "CVE-2018-3693", "CVE-2019-15218", "CVE-2017-5754", "CVE-2017-7261", "CVE-2019-14816", "CVE-2019-15217", "CVE-2019-14284", "CVE-2019-15807", "CVE-2019-15216", "CVE-2018-1066", "CVE-2019-15505", "CVE-2017-7518", "CVE-2019-12378", "CVE-2019-17055", "CVE-2019-15118", "CVE-2019-13648", "CVE-2019-17054", "CVE-2019-9506", "CVE-2018-10675", "CVE-2019-15215", "CVE-2019-13631", "CVE-2019-10207", "CVE-2019-15220", "CVE-2019-15927", "CVE-2019-10140", "CVE-2019-12381", "CVE-2019-9500", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-9503", "CVE-2019-15212", "CVE-2019-12456", "CVE-2018-9363", "CVE-2019-15221", "CVE-2019-15239", "CVE-2019-12818", "CVE-2019-10142", "CVE-2018-10323", "CVE-2019-15292", "CVE-2018-7995", "CVE-2019-17052", "CVE-2018-20976", "CVE-2019-15214", "CVE-2018-9518", "CVE-2019-12382", "CVE-2019-14821", "CVE-2019-3846", "CVE-2018-10124", "CVE-2019-2101", "CVE-2019-15916", "CVE-2019-15926", "CVE-2019-14814", "CVE-2018-6412", "CVE-2017-5897", "CVE-2019-3882", "CVE-2019-17053", "CVE-2019-1125", "CVE-2019-16413", "CVE-2018-13094", "CVE-2019-17056", "CVE-2019-14283"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192274", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2274\");\n script_version(\"2020-01-23T12:44:02+0000\");\n script_cve_id(\"CVE-2017-5754\", \"CVE-2017-5897\", \"CVE-2017-7261\", \"CVE-2017-7472\", \"CVE-2017-7518\", \"CVE-2018-10124\", \"CVE-2018-10323\", \"CVE-2018-1066\", \"CVE-2018-10675\", \"CVE-2018-13094\", \"CVE-2018-20976\", \"CVE-2018-3693\", \"CVE-2018-6412\", \"CVE-2018-7995\", \"CVE-2018-9363\", \"CVE-2018-9518\", \"CVE-2019-10140\", \"CVE-2019-10142\", \"CVE-2019-10207\", \"CVE-2019-1125\", \"CVE-2019-12378\", \"CVE-2019-12381\", \"CVE-2019-12382\", \"CVE-2019-12456\", \"CVE-2019-12818\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15098\", \"CVE-2019-15118\", \"CVE-2019-15212\", \"CVE-2019-15213\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15217\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15239\", \"CVE-2019-15292\", \"CVE-2019-15505\", \"CVE-2019-15807\", \"CVE-2019-15916\", \"CVE-2019-15926\", \"CVE-2019-15927\", \"CVE-2019-16413\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-2101\", \"CVE-2019-3846\", \"CVE-2019-3882\", \"CVE-2019-9500\", \"CVE-2019-9503\", \"CVE-2019-9506\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:44:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:44:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2274)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2274\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2274\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2274 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)\n\nThe ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)\n\nThe vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)\n\nThe KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)\n\nA flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)\n\nThe kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)\n\nThe xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)\n\nThe Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)\n\nThe do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)\n\nAn issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h232\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15219", "CVE-2017-7472", "CVE-2019-14815", "CVE-2019-15098", "CVE-2016-2384", "CVE-2016-2782", "CVE-2018-3693", "CVE-2017-14051", "CVE-2019-15218", "CVE-2017-7261", "CVE-2019-14816", "CVE-2015-3332", "CVE-2017-13216", "CVE-2017-18595", "CVE-2018-10880", "CVE-2019-15217", "CVE-2019-0136", "CVE-2019-17666", "CVE-2019-14284", "CVE-2019-15807", "CVE-2016-3689", "CVE-2019-15216", "CVE-2019-15505", "CVE-2019-12378", "CVE-2019-17055", "CVE-2016-3139", "CVE-2015-9289", "CVE-2019-15118", "CVE-2017-18551", "CVE-2016-2186", "CVE-2019-13648", "CVE-2019-17054", "CVE-2014-1446", "CVE-2016-2187", "CVE-2018-10675", "CVE-2019-13631", "CVE-2019-15220", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-13305", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2019-17075", "CVE-2019-15927", "CVE-2017-18232", "CVE-2019-10140", "CVE-2019-12381", "CVE-2018-18710", "CVE-2019-12379", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-9503", "CVE-2015-1350", "CVE-2019-15212", "CVE-2019-12456", "CVE-2019-15221", "CVE-2018-10322", "CVE-2018-20856", "CVE-2019-12818", "CVE-2018-17972", "CVE-2019-10142", "CVE-2016-3138", "CVE-2018-10323", "CVE-2019-15292", "CVE-2016-3140", "CVE-2019-17052", "CVE-2018-20976", "CVE-2017-18509", "CVE-2016-4578", "CVE-2015-8816", "CVE-2019-15214", "CVE-2016-2185", "CVE-2018-9518", "CVE-2018-10087", "CVE-2019-16232", "CVE-2019-14821", "CVE-2019-3846", "CVE-2018-10124", "CVE-2019-2101", "CVE-2019-15916", "CVE-2016-4580", "CVE-2017-11089", "CVE-2019-15926", "CVE-2019-14814", "CVE-2018-6412", "CVE-2017-13167", "CVE-2019-15291", "CVE-2019-3882", "CVE-2019-17053", "CVE-2019-1125", "CVE-2018-12896", "CVE-2019-17133", "CVE-2019-16413", "CVE-2018-20511", "CVE-2019-17056", "CVE-2019-14283"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192353", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2353\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2014-1446\", \"CVE-2015-1350\", \"CVE-2015-3332\", \"CVE-2015-8816\", \"CVE-2015-9289\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3689\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-7425\", \"CVE-2017-1000379\", \"CVE-2017-11089\", \"CVE-2017-13167\", \"CVE-2017-13216\", \"CVE-2017-13305\", \"CVE-2017-14051\", \"CVE-2017-18232\", \"CVE-2017-18509\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2017-7261\", \"CVE-2017-7472\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-10675\", \"CVE-2018-10880\", \"CVE-2018-12896\", \"CVE-2018-17972\", \"CVE-2018-18710\", \"CVE-2018-20511\", \"CVE-2018-20856\", \"CVE-2018-20976\", \"CVE-2018-3693\", \"CVE-2018-6412\", \"CVE-2018-9518\", \"CVE-2019-0136\", \"CVE-2019-10140\", \"CVE-2019-10142\", \"CVE-2019-1125\", \"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12381\", \"CVE-2019-12456\", \"CVE-2019-12818\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15098\", \"CVE-2019-15118\", \"CVE-2019-15212\", \"CVE-2019-15213\", \"CVE-2019-15214\", \"CVE-2019-15216\", \"CVE-2019-15217\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15291\", \"CVE-2019-15292\", \"CVE-2019-15505\", \"CVE-2019-15807\", \"CVE-2019-15916\", \"CVE-2019-15926\", \"CVE-2019-15927\", \"CVE-2019-16232\", \"CVE-2019-16413\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-2101\", \"CVE-2019-3846\", \"CVE-2019-3882\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:47:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2353)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2353\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2353\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2353 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\nThe VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\nThe hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)\n\nIn the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)\n\nThe create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)\n\nThe ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)\n\nThe powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:27:31", "description": "The 5.0.6 update contains a number of important fixes a cross the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "Fedora 28 : kernel / kernel-headers / kernel-tools (2019-65c6d11eba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3882", "CVE-2019-9857"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-65C6D11EBA.NASL", "href": "https://www.tenable.com/plugins/nessus/123839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-65c6d11eba.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123839);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\");\n script_xref(name:\"FEDORA\", value:\"2019-65c6d11eba\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers / kernel-tools (2019-65c6d11eba)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.6 update contains a number of important fixes a cross the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-65c6d11eba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3882\", \"CVE-2019-9857\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-65c6d11eba\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-5.0.6-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-5.0.6-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-tools-5.0.6-100.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:27:27", "description": "The 5.0.6 update contains a number of importnat fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-be9add5b77)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3882", "CVE-2019-9857"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-BE9ADD5B77.NASL", "href": "https://www.tenable.com/plugins/nessus/123841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-be9add5b77.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123841);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\");\n script_xref(name:\"FEDORA\", value:\"2019-be9add5b77\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-be9add5b77)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.6 update contains a number of importnat fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-be9add5b77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3882\", \"CVE-2019-9857\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-be9add5b77\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.0.6-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.0.6-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.0.6-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:27:17", "description": "The 5.0.6 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-02T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel / kernel-headers / kernel-tools (2019-961cda41f0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3882", "CVE-2019-9857"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-961CDA41F0.NASL", "href": "https://www.tenable.com/plugins/nessus/124518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-961cda41f0.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124518);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-3882\", \"CVE-2019-9857\");\n script_xref(name:\"FEDORA\", value:\"2019-961cda41f0\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers / kernel-tools (2019-961cda41f0)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.6 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-961cda41f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3882\", \"CVE-2019-9857\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-961cda41f0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.0.6-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.0.6-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-tools-5.0.6-300.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:22:44", "description": "A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects. (CVE-2019-10142)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.\n(CVE-2019-11884)\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).\n(CVE-2019-3882)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10142", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/125605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125605);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-10142\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\");\n script_xref(name:\"ALAS\", value:\"2019-1214\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects. (CVE-2019-10142)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the\nLinux kernel before 5.0.15 allows a local user to obtain potentially\nsensitive information from kernel stack memory via a HIDPCONNADD\ncommand, because a name field may not end with a '\\0' character.\n(CVE-2019-11884)\n\nIf the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out. (CVE-2019-9500)\n\nA new software page cache side channel attack scenario was discovered\nin operating systems that implement the very common 'page cache'\ncaching mechanism. A malicious user/process could use 'in memory'\npage-cache knowledge to infer access timings to shared memory and gain\nknowledge which can be used to reduce effectiveness of cryptographic\nstrength by monitoring algorithmic behavior, infer access patterns of\nmemory to determine code paths taken, and exfiltrate data to a blinded\nattacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nA flaw was found in the Linux kernel's vfio interface implementation\nthat permits violation of the user's locked memory limit. If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service (DoS).\n(CVE-2019-3882)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.121-85.96.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.121-85.96.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:44", "description": "A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security affects.(CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. (CVE-2019-11833)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10142", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/125598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125598);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-10142\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\");\n script_xref(name:\"ALAS\", value:\"2019-1214\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects.(CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered\nin operating systems that implement the very common 'page cache'\ncaching mechanism. A malicious user/process could use 'in memory'\npage-cache knowledge to infer access timings to shared memory and gain\nknowledge which can be used to reduce effectiveness of cryptographic\nstrength by monitoring algorithmic behavior, infer access patterns of\nmemory to determine code paths taken, and exfiltrate data to a blinded\nattacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the\nLinux kernel before 5.0.15 allows a local user to obtain potentially\nsensitive information from kernel stack memory via a HIDPCONNADD\ncommand, because a name field may not end with a '\\0'\ncharacter.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation\nthat permits violation of the user's locked memory limit. If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service\n(DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent\nmanagement. The kernel doesn't correctly initialize memory regions in\nthe extent tree block which may be exported to a local user to obtain\nsensitive information by reading empty/uninitialized data from the\nfilesystem. (CVE-2019-11833)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:12", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3982-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3982-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3982-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125143);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\");\n script_xref(name:\"USN\", value:\"3982-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3982-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3982-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11091\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3982-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1046-kvm\", pkgver:\"4.4.0-1046.52\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1083-aws\", pkgver:\"4.4.0-1083.93\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1109-raspi2\", pkgver:\"4.4.0-1109.117\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1113-snapdragon\", pkgver:\"4.4.0-1113.118\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-148-generic\", pkgver:\"4.4.0-148.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-148-generic-lpae\", pkgver:\"4.4.0-148.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-148-lowlatency\", pkgver:\"4.4.0-148.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1083.86\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.148.156\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.148.156\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1046.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.148.156\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1109.109\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1113.105\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.148.156\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-02-28T13:13:54", "description": "USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3982-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882"], "modified": "2019-05-16T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3982-2.NASL", "href": "https://www.tenable.com/plugins/nessus/125144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3982-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125144);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/16 10:38:54\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\");\n script_xref(name:\"USN\", value:\"3982-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3982-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 for Ubuntu 14.04\nLTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3982-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3982-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-148-generic\", pkgver:\"4.4.0-148.174~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-148-generic-lpae\", pkgver:\"4.4.0-148.174~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-148-lowlatency\", pkgver:\"4.4.0-148.174~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.148.130\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.148.130\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.148.130\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.148.130\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2021-08-19T12:21:59", "description": "An update of the linux package has been released.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2019-3.0-0015", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3887", "CVE-2019-9857"], "modified": "2019-06-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/126115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126115);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/26 10:34:07\");\n\n script_cve_id(\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3887\",\n \"CVE-2019-9857\"\n );\n script_bugtraq_id(\n 106565,\n 107527,\n 107850,\n 107910,\n 108054,\n 108113,\n 108283,\n 108286\n );\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2019-3.0-0015\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-api-headers-4.19.40-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-drivers-gpu-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-oprofile-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-sound-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-tools-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-gpu-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-sound-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-oprofile-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-lkcm-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-tools-4.19.40-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:33", "description": "USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3981-2.NASL", "href": "https://www.tenable.com/plugins/nessus/125142", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3981-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125142);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_xref(name:\"USN\", value:\"3981-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this\nto cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel contained a heap buffer overflow. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel did not properly prevent remote firmware events from being\nprocessed for USB Wifi devices. A physically proximate attacker could\nuse this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3981-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3981-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1013-oracle\", pkgver:\"4.15.0-1013.15~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1032-gcp\", pkgver:\"4.15.0-1032.34~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1045-azure\", pkgver:\"4.15.0-1045.49\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-50-generic\", pkgver:\"4.15.0-50.54~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-50-generic-lpae\", pkgver:\"4.15.0-50.54~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-50-lowlatency\", pkgver:\"4.15.0-50.54~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1045.49\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1032.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.50.71\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.50.71\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1032.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.50.71\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.50.71\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1013.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.50.71\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-azure / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:14:46", "description": "The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes.\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThis kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n(bnc#1122767).\n\nCVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704).\n\nCVE-2019-9503: A brcmfmac frame validation bypass was fixed.\n(bnc#1132828).\n\nCVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681).\n\nCVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).\n(bnc#1131416 bnc#1131427).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2019-9003", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1242-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1242-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125132);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16880\", \"CVE-2019-11091\", \"CVE-2019-3882\", \"CVE-2019-9003\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\nCVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\nCVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\nCVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\nCVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory\n(MDSUM)\n\nThis kernel update contains software mitigations for these issues,\nwhich also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed: CVE-2018-16880: A flaw was\nfound in the handle_rx() function in the vhost_net driver. A malicious\nvirtual guest, under specific conditions, could trigger an\nout-of-bounds write in a kmalloc-8 slab on a virtual host which may\nlead to a kernel memory corruption and a system panic. Due to the\nnature of the flaw, privilege escalation cannot be fully ruled out.\n(bnc#1122767).\n\nCVE-2019-9003: Attackers could trigger a\ndrivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by\narranging for certain simultaneous execution of the code, as\ndemonstrated by a 'service ipmievd restart' loop (bnc#1126704).\n\nCVE-2019-9503: A brcmfmac frame validation bypass was fixed.\n(bnc#1132828).\n\nCVE-2019-9500: A brcmfmac heap buffer overflow in\nbrcmf_wowl_nd_results was fixed. (bnc#1132681).\n\nCVE-2019-3882: A flaw was found in the vfio interface implementation\nthat permitted violation of the user's locked memory limit. If a\ndevice is bound to a vfio driver, such as vfio-pci, and the local\nattacker is administratively granted ownership of the device, it may\ncause a system memory exhaustion and thus a denial of service (DoS).\n(bnc#1131416 bnc#1131427).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12126/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9003/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191242-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7d3241b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1242=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:11", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3981-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3981-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125141);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_xref(name:\"USN\", value:\"3981-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this\nto cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel contained a heap buffer overflow. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel did not properly prevent remote firmware events from being\nprocessed for USB Wifi devices. A physically proximate attacker could\nuse this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3981-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3981-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1013-oracle\", pkgver:\"4.15.0-1013.15\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1032-gcp\", pkgver:\"4.15.0-1032.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1034-kvm\", pkgver:\"4.15.0-1034.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1036-raspi2\", pkgver:\"4.15.0-1036.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1038-oem\", pkgver:\"4.15.0-1038.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1039-aws\", pkgver:\"4.15.0-1039.41\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1053-snapdragon\", pkgver:\"4.15.0-1053.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-50-generic\", pkgver:\"4.15.0-50.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-50-generic-lpae\", pkgver:\"4.15.0-50.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-50-lowlatency\", pkgver:\"4.15.0-50.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-50-snapdragon\", pkgver:\"4.15.0-50.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1039.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1032.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.50.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.50.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1034.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.50.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1038.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1013.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1036.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1053.56\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.50.52\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:14:24", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux kernel did not properly restrict APIC MSR register values when nested virtualization is used. An attacker in a guest vm could use this to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3887", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3980-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3980-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125139);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_xref(name:\"USN\", value:\"3980-1\");\n\n script_name(english:\"Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this\nto cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the\nLinux kernel did not properly restrict APIC MSR register values when\nnested virtualization is used. An attacker in a guest vm could use\nthis to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel contained a heap buffer overflow. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel did not properly prevent remote firmware events from being\nprocessed for USB Wifi devices. A physically proximate attacker could\nuse this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3980-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3980-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1011-gcp\", pkgver:\"4.18.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1012-kvm\", pkgver:\"4.18.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1014-raspi2\", pkgver:\"4.18.0-1014.16\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1016-aws\", pkgver:\"4.18.0-1016.18\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-1018-azure\", pkgver:\"4.18.0-1018.18\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-20-generic\", pkgver:\"4.18.0-20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-20-generic-lpae\", pkgver:\"4.18.0-20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-20-lowlatency\", pkgver:\"4.18.0-20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-4.18.0-20-snapdragon\", pkgver:\"4.18.0-20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-aws\", pkgver:\"4.18.0.1016.16\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-azure\", pkgver:\"4.18.0.1018.19\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-gcp\", pkgver:\"4.18.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-generic\", pkgver:\"4.18.0.20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.18.0.20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-gke\", pkgver:\"4.18.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-kvm\", pkgver:\"4.18.0.1012.12\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.18.0.20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.18.0.1014.11\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.18.0.20.21\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"linux-image-virtual\", pkgver:\"4.18.0.20.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.18-aws / linux-image-4.18-azure / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:32", "description": "USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux kernel did not properly restrict APIC MSR register values when nested virtualization is used. An attacker in a guest vm could use this to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16884", "CVE-2019-11091", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3887", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3980-2.NASL", "href": "https://www.tenable.com/plugins/nessus/125140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3980-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125140);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_xref(name:\"USN\", value:\"3980-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nVasily Averin and Evgenii Shatokhin discovered that a use-after-free\nvulnerability existed in the NFS41+ subsystem when multiple network\nnamespaces are in use. A local attacker in a container could use this\nto cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-16884)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the\nLinux kernel did not properly restrict APIC MSR register values when\nnested virtualization is used. An attacker in a guest vm could use\nthis to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel contained a heap buffer overflow. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel did not properly prevent remote firmware events from being\nprocessed for USB Wifi devices. A physically proximate attacker could\nuse this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3980-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16884\", \"CVE-2019-11091\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3980-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.18.0-1018-azure\", pkgver:\"4.18.0-1018.18~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.18.0-20-generic\", pkgver:\"4.18.0-20.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.18.0-20-generic-lpae\", pkgver:\"4.18.0-20.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.18.0-20-lowlatency\", pkgver:\"4.18.0-20.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.18.0-20-snapdragon\", pkgver:\"4.18.0-20.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"4.18.0.1018.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"4.18.0.20.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"4.18.0.20.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"4.18.0.20.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"4.18.0.20.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"4.18.0.20.70\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.18-azure / linux-image-4.18-generic / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:14:47", "description": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that the IPv4 generic receive offload (GRO) for UDP implementation in the Linux kernel did not properly handle padded packets. A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11683)\n\nIt was discovered that a race condition existed in the Binder IPC driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-1999)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the Linux kernel did not properly restrict APIC MSR register values when nested virtualization is used. An attacker in a guest vm could use this to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : Linux kernel vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-11683", "CVE-2019-1999", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3887", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-3979-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125138", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3979-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125138);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11683\", \"CVE-2019-1999\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n script_xref(name:\"USN\", value:\"3979-1\");\n\n script_name(english:\"Ubuntu 19.04 : Linux kernel vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi\nMaisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan\nvan Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael\nSchwarz, and Daniel Gruss discovered that memory previously stored in\nmicroarchitectural fill buffers of an Intel CPU core may be exposed to\na malicious process that is executing on the same CPU core. A local\nattacker could use this to expose sensitive information.\n(CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco,\nStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro\nFrigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered\nthat memory previously stored in microarchitectural load ports of an\nIntel CPU core may be exposed to a malicious process that is executing\non the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin,\nDaniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel\nGenkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom\ndiscovered that memory previously stored in microarchitectural store\nbuffers of an Intel CPU core may be exposed to a malicious process\nthat is executing on the same CPU core. A local attacker could use\nthis to expose sensitive information. (CVE-2018-12126)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert\nBos, and Cristiano Giuffrida discovered that uncacheable memory\npreviously stored in microarchitectural buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same\nCPU core. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-11091)\n\nIt was discovered that the IPv4 generic receive offload (GRO) for UDP\nimplementation in the Linux kernel did not properly handle padded\npackets. A remote attacker could use this to cause a denial of service\n(system crash). (CVE-2019-11683)\n\nIt was discovered that a race condition existed in the Binder IPC\ndriver for the Linux kernel. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-1999)\n\nMatteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the\ncgroups subsystem of the Linux kernel did not properly account for\nSCTP socket buffers. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-3874)\n\nAlex Williamson discovered that the vfio subsystem of the Linux kernel\ndid not properly limit DMA mappings. A local attacker could use this\nto cause a denial of service (memory exhaustion). (CVE-2019-3882)\n\nMarc Orr discovered that the KVM hypervisor implementation in the\nLinux kernel did not properly restrict APIC MSR register values when\nnested virtualization is used. An attacker in a guest vm could use\nthis to cause a denial of service (host OS crash). (CVE-2019-3887)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel contained a heap buffer overflow. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-9500)\n\nHugues Anguelkov discovered that the Broadcom Wifi driver in the Linux\nkernel did not properly prevent remote firmware events from being\nprocessed for USB Wifi devices. A physically proximate attacker could\nuse this to send firmware events to the device. (CVE-2019-9503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3979-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\", \"CVE-2019-11683\", \"CVE-2019-1999\", \"CVE-2019-3874\", \"CVE-2019-3882\", \"CVE-2019-3887\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3979-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1006-aws\", pkgver:\"5.0.0-1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1006-azure\", pkgver:\"5.0.0-1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1006-gcp\", pkgver:\"5.0.0-1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1006-kvm\", pkgver:\"5.0.0-1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1008-raspi2\", pkgver:\"5.0.0-1008.8\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-15-generic\", pkgver:\"5.0.0-15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-15-generic-lpae\", pkgver:\"5.0.0-15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-15-lowlatency\", pkgver:\"5.0.0-15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1006.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.15.16\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1008.5\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.15.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:14:48", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThis kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed :\n\n - CVE-2018-16880: A flaw was found in handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled.\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427).\n\n - CVE-2019-9003: Attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828).\n\nThe following non-security bugs were fixed :\n\n - 9p: do not trust pdu content for stat item size (bsc#1051510).\n\n - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426).\n\n - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).\n\n - ALSA: core: Do not refer to snd_cards array directly (bsc#1051510).\n\n - ALSA: core: Fix card races between register and disconnect (bsc#1051510).\n\n - ALSA: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).\n\n - ALSA: hda - Add two more machines to the power_save_blacklist (bsc#1051510).\n\n - ALSA: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510).\n\n - ALSA: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).\n\n - ALSA: hda: Initialize power_state field properly (bsc#1051510).\n\n - ALSA: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).\n\n - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442).\n\n - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510).\n\n - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510).\n\n - ALSA: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).\n\n - ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).\n\n - ALSA: hda/realtek - EAPD turn on later (bsc#1051510).\n\n - ALSA: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).\n\n - ALSA: hda - Register irq handler after the chip initialization (bsc#1051510).\n\n - ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - ALSA: info: Fix racy addition/deletion of nodes (bsc#1051510).\n\n - ALSA: line6: Avoid polluting led_* namespace (bsc#1051510).\n\n - ALSA: line6: use dynamic buffers (bsc#1051510).\n\n - ALSA: PCM: check if ops are defined before suspending PCM (bsc#1051510).\n\n - ALSA: seq: Align temporary re-locking with irqsave version (bsc#1051510).\n\n - ALSA: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).\n\n - ALSA: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).\n\n - ALSA: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n\n - ALSA: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).\n\n - ALSA: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).\n\n - ALSA: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).\n\n - ALSA: seq: Remove superfluous irqsave flags (bsc#1051510).\n\n - ALSA: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).\n\n - ALSA: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).\n\n - ALSA: timer: Coding style fixes (bsc#1051510).\n\n - ALSA: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).\n\n - ALSA: timer: Make sure to clear pending ack list (bsc#1051510).\n\n - ALSA: timer: Revert active callback sync check at close (bsc#1051510).\n\n - ALSA: timer: Simplify error path in snd_timer_open() (bsc#1051510).\n\n - ALSA: timer: Unify timer callback process code (bsc#1051510).\n\n - ALSA: usb-audio: Fix a memory leak bug (bsc#1051510).\n\n - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n\n - ALSA: usx2y: fix a double free bug (bsc#1051510).\n\n - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).\n\n - ASoC: fix valid stream condition (bsc#1051510).\n\n - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).\n\n - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).\n\n - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).\n\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n\n - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).\n\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n\n - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).\n\n - ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510).\n\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).\n\n - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).\n\n - ASoC: stm32: fix sai driver name initialisation (bsc#1051510).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n\n - ASoC: topology: free created components in tplg load error (bsc#1051510).\n\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).\n\n - assume flash part size to be 4MB, if it can't be determined (bsc#1127371).\n\n - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).\n\n - ath10k: avoid possible string overflow (bsc#1051510).\n\n - audit: fix a memleak caused by auditing load module (bsc#1051510).\n\n - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).\n\n - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).\n\n - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).\n\n - bcache: add a comment in super.c (bsc#1130972).\n\n - bcache: add code comments for bset.c (bsc#1130972).\n\n - bcache: add comment for cache_set->fill_iter (bsc#1130972).\n\n - bcache: add identifier names to arguments of function definitions (bsc#1130972).\n\n - bcache: add missing SPDX header (bsc#1130972).\n\n - bcache: add MODULE_DESCRIPTION information (bsc#1130972).\n\n - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).\n\n - bcache: add static const prefix to char * array declarations (bsc#1130972).\n\n - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).\n\n - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).\n\n - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).\n\n - bcache: correct dirty data statistics (bsc#1130972).\n\n - bcache: do not assign in if condition in bcache_init() (bsc#1130972).\n\n - bcache: do not assign in if condition register_bcache() (bsc#1130972).\n\n - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).\n\n - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).\n\n - bcache: do not clone bio in bch_data_verify (bsc#1130972).\n\n - bcache: do not mark writeback_running too early (bsc#1130972).\n\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n\n - bcache: fix code comments style (bsc#1130972).\n\n - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).\n\n - bcache: fix indent by replacing blank by tabs (bsc#1130972).\n\n - bcache: fix input integer overflow of congested threshold (bsc#1130972).\n\n - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).\n\n - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).\n\n - bcache: fix input overflow to journal_delay_ms (bsc#1130972).\n\n - bcache: fix input overflow to sequential_cutoff (bsc#1130972).\n\n - bcache: fix input overflow to writeback_delay (bsc#1130972).\n\n - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).\n\n - bcache: fix ioctl in flash device (bsc#1130972).\n\n - bcache: fix mistaken code comments in bcache.h (bsc#1130972).\n\n - bcache: fix mistaken comments in request.c (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).\n\n - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).\n\n - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).\n\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n\n - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).\n\n - bcache: Move couple of functions to sysfs.c (bsc#1130972).\n\n - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).\n\n - bcache: move open brace at end of function definitions to next line (bsc#1130972).\n\n - bcache: never writeback a discard operation (bsc#1130972).\n\n - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).\n\n - bcache: option to automatically run gc thread after writeback (bsc#1130972).\n\n - bcache: panic fix for making cache device (bsc#1130972).\n\n - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).\n\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n\n - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).\n\n - bcache: recal cached_dev_sectors on detach (bsc#1130972).\n\n - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).\n\n - bcache: remove unused bch_passthrough_cache (bsc#1130972).\n\n - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).\n\n - bcache: Replace bch_read_string_list() by\n __sysfs_match_string() (bsc#1130972).\n\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).\n\n - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).\n\n - bcache: replace printk() by pr_*() routines (bsc#1130972).\n\n - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).\n\n - bcache: set writeback_percent in a flexible range (bsc#1130972).\n\n - bcache: split combined if-condition code into separate ones (bsc#1130972).\n\n - bcache: stop bcache device when backing device is offline (bsc#1130972).\n\n - bcache: stop using the deprecated get_seconds() (bsc#1130972).\n\n - bcache: style fixes for lines over 80 characters (bsc#1130972).\n\n - bcache: style fix to add a blank line after declarations (bsc#1130972).\n\n - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).\n\n - bcache: treat stale && dirty keys as bad keys (bsc#1130972).\n\n - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).\n\n - bcache: update comment for bch_data_insert (bsc#1130972).\n\n - bcache: update comment in sysfs.c (bsc#1130972).\n\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).\n\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).\n\n - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).\n\n - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).\n\n - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).\n\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n\n - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673).\n\n - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).\n\n - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).\n\n - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).\n\n - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).\n\n - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).\n\n - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).\n\n - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).\n\n - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n\n - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).\n\n - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).\n\n - block: Introduce blk_exit_queue() (bsc#1131673).\n\n - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).\n\n - block: remove bio_rewind_iter() (bsc#1131673).\n\n - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).\n\n - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).\n\n - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510).\n\n - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).\n\n - bluetooth: hidp: fix buffer overflow (bsc#1051510).\n\n - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07).\n\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n\n - bpf: fix use after free in bpf_evict_inode (bsc#1083647).\n\n - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).\n\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n\n - btrfs: check for refs on snapshot delete resume (bsc#1131335).\n\n - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Do not panic when we can't find a root key (bsc#1112063).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n\n - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).\n\n - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).\n\n - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).\n\n - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).\n\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n\n - btrfs: save drop_progress if we drop refs at all (bsc#1131336).\n\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n\n - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).\n\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n\n - cgroup: fix parsing empty mount option string (bsc#1133094).\n\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).\n\n - cifs: do not dereference smb_file_target before null check (bsc#1051510).\n\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510).\n\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).\n\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510).\n\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510).\n\n - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510).\n\n - cifs: Fix credits calculations for reads with errors (bsc#1051510).\n\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).\n\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).\n\n - cifs: Fix potential OOB access of lock element array (bsc#1051510).\n\n - cifs: Fix read after write for files with read caching (bsc#1051510).\n\n - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).\n\n - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).\n\n - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).\n\n - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).\n\n - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).\n\n - cpupowerutils: bench - Fix cpu online check (bsc#1051510).\n\n - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).\n\n - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).\n\n - crypto: caam - add missing put_device() call (bsc#1129770).\n\n - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).\n\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).\n\n - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).\n\n - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).\n\n - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).\n\n - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).\n\n - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).\n\n - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).\n\n - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).\n\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).\n\n - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).\n\n - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).\n\n - cxgb4: Added missing break in ndo_udp_tunnel_(add/del) (bsc#1127371).\n\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).\n\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n\n - cxgb4: add per rx-queue counter for packet errors (bsc#1127371).\n\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).\n\n - cxgb4: add support to display DCB info (bsc#1127371).\n\n - cxgb4: Add support to read actual provisioned resources (bsc#1127371).\n\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n\n - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).\n\n - cxgb4: convert flower table to use rhashtable (bsc#1127371).\n\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).\n\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).\n\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).\n\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n\n - cxgb4/cxgb4vf: Program hash region for (t4/t4vf)_change_mac() (bsc#1127371).\n\n - cxgb4: display number of rx and tx pages free (bsc#1127371).\n\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).\n\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n\n - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).\n\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).\n\n - cxgb4: Mask out interrupts that are not enabled (bsc#1127175).\n\n - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).\n\n - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).\n\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).\n\n - cxgb4: remove the unneeded locks (bsc#1127371).\n\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n\n - cxgb4: Support ethtool private flags (bsc#1127371).\n\n - cxgb4: update supported DCB version (bsc#1127371).\n\n - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).\n\n - cxgb4vf: Few more link management changes (bsc#1127374).\n\n - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).\n\n - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).\n\n - device_cgroup: fix RCU imbalance in error case (bsc#1051510).\n\n - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n\n - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).\n\n - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).\n\n - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).\n\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).\n\n - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).\n\n - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).\n\n - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).\n\n - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).\n\n - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).\n\n - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).\n\n - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)\n\n - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).\n\n - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).\n\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)\n\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n\n - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).\n\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)\n\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)\n\n - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510).\n\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)\n\n - drm/mediatek: fix possible object reference leak (bsc#1051510).\n\n - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)\n\n - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510).\n\n - drm/meson: Uninstall IRQ handler (bsc#1051510).\n\n - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).\n\n - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).\n\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).\n\n - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)\n\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)\n\n - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)\n\n - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)\n\n - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)\n\n - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)\n\n - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)\n\n - drm/udl: add a release method and delay modeset teardown (bsc#1085536)\n\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n\n - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).\n\n - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).\n\n - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).\n\n - e1000e: fix cyclic resets at link up with active tx (bsc#1051510).\n\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n\n - ext2: Fix underflow in ext2_max_size() (bsc#1131174).\n\n - ext4: add mask of ext4 flags to swap (bsc#1131170).\n\n - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176).\n\n - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173).\n\n - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).\n\n - ext4: cleanup pagecache before swap i_data (bsc#1131178).\n\n - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177).\n\n - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172).\n\n - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180).\n\n - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171).\n\n - ext4: update quota information while swapping boot loader inode (bsc#1131179).\n\n - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).\n\n - fix cgroup_do_mount() handling of failure exits (bsc#1133095).\n\n - Fix kabi after 'md: batch flush requests.' (bsc#1119680).\n\n - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937).\n\n - fm10k: Fix a potential NULL pointer dereference (bsc#1051510).\n\n - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).\n\n - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).\n\n - futex: Cure exit race (bsc#1050549).\n\n - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).\n\n - futex: Handle early deadlock return correctly (bsc#1050549).\n\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n\n - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).\n\n - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).\n\n - gpio: gpio-omap: fix level interrupt idling (bsc#1051510).\n\n - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).\n\n - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).\n\n - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).\n\n - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).\n\n - hid: input: add mapping for Assistant key (bsc#1051510).\n\n - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).\n\n - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).\n\n - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).\n\n - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).\n\n - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwrng: virtio - Avoid repeated init of completion (bsc#1051510).\n\n - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).\n\n - ibmvnic: Enable GRO (bsc#1132227).\n\n - ibmvnic: Fix completion structure initialization (bsc#1131659).\n\n - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).\n\n - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).\n\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).\n\n - iio: ad_sigma_delta: select channel when reading register (bsc#1051510).\n\n - iio: core: fix a possible circular locking dependency (bsc#1051510).\n\n - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).\n\n - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).\n\n - iio: Fix scan mask selection (bsc#1051510).\n\n - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).\n\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n\n - Input: introduce KEY_ASSISTANT (bsc#1051510).\n\n - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).\n\n - Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).\n\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n\n - io: accel: kxcjk1013: restore the range after resume (bsc#1051510).\n\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n\n - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).\n\n - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).\n\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).\n\n - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes).\n\n - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).\n\n - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).\n\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n\n - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).\n\n - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).\n\n - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).\n\n - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).\n\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).\n\n - It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes).\n\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).\n\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n\n - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).\n\n - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167).\n\n - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168).\n\n - kABI: restore icmp_send (kabi).\n\n - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372)\n\n - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).\n\n - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).\n\n - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290).\n\n - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).\n\n - kcm: switch order of device registration to fix a crash (bnc#1130527).\n\n - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510).\n\n - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).\n\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n\n - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).\n\n - KEYS: user: Align the payload buffer (bsc#1051510).\n\n - KVM: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).\n\n - KVM: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).\n\n - KVM: Fix UAF in nested posted interrupt processing (bsc#1134199).\n\n - KVM: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).\n\n - KVM: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).\n\n - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).\n\n - KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).\n\n - KVM: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).\n\n - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).\n\n - KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).\n\n - KVM: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).\n\n - KVM: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).\n\n - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).\n\n - KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).\n\n - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).\n\n - KVM: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).\n\n - KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).\n\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).\n\n - KVM: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205).\n\n - leds: avoid races with workqueue (bsc#1051510).\n\n - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510).\n\n - lib: add crc64 calculation routines (bsc#1130972).\n\n - libata: fix using DMA buffers on stack (bsc#1051510).\n\n - lib: do not depend on linux headers being installed (bsc#1130972).\n\n - lightnvm: if LUNs are already allocated fix return (bsc#1085535).\n\n - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).\n\n - Linux v5.0-rc7: bcm2835 MMC issues (bsc#1070872).\n\n - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331).\n\n - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n\n - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: Fix failed allocation of md_register_thread (git-fixes).\n\n - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).\n\n - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).\n\n - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).\n\n - media: cx23885: check allocation return (bsc#1051510).\n\n - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).\n\n - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).\n\n - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).\n\n - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n\n - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).\n\n - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).\n\n - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).\n\n - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).\n\n - media: wl128x: prevent two potential buffer overflows (bsc#1051510).\n\n - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510).\n\n - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).\n\n - mmc: core: fix possible use after free of host (bsc#1051510).\n\n - mmc: davinci: remove extraneous __init annotation (bsc#1051510).\n\n - mmc: sdhci: Fix data command CRC error handling (bsc#1051510).\n\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n\n - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).\n\n - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).\n\n - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).\n\n - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740).\n\n - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).\n\n - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).\n\n - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).\n\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n\n - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).\n\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).\n\n - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).\n\n - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).\n\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).\n\n - mwifiex: do not advertise IBSS features without FW support (bsc#1129770).\n\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n\n - mwifiex: prevent an array overflow (bsc#1051510).\n\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n\n - net: Add header for usage of fls64() (networking-stable-19_02_20).\n\n - net: Add __icmp_send helper (networking-stable-19_03_07).\n\n - net: avoid false positives in untrusted gso validation (git-fixes).\n\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n\n - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).\n\n - net: bridge: add vlan_tunnel to bridge port policies (git-fixes).\n\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n\n - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).\n\n - net: datagram: fix unbounded loop in\n __skb_try_recv_datagram() (git-fixes).\n\n - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).\n\n - net: dsa: legacy: do not unmask port bitmaps (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).\n\n - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).\n\n - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).\n\n - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).\n\n - netfilter: drop template ct when conntrack is skipped (git-fixes).\n\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).\n\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).\n\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).\n\n - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v(4,6) (git-fixes).\n\n - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_(match|target) (git-fixes).\n\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes).\n\n - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20).\n\n - net: fix IPv6 prefix route residue (networking-stable-19_02_20).\n\n - net: Fix untag for vlan packets without ethernet header (git-fixes).\n\n - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes).\n\n - net/hsr: Check skb_put_padto() return value (git-fixes).\n\n - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15).\n\n - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).\n\n - net/ibmvnic: Update carrier state after link state change (bsc#1135100).\n\n - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).\n\n - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).\n\n - netlink: fix nla_put_(u8,u16,u32) for KASAN (git-fixes).\n\n - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24).\n\n - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07).\n\n - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24).\n\n - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).\n\n - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes).\n\n - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24).\n\n - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15).\n\n - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).\n\n - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15).\n\n - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07).\n\n - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20).\n\n - net/x25: fix a race in x25_bind() (networking-stable-19_03_15).\n\n - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15).\n\n - net/x25: reset state in x25_connect() (networking-stable-19_03_15).\n\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes).\n\n - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).\n\n - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).\n\n - nfsd4: catch some false session retries (git-fixes).\n\n - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).\n\n - NFS: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).\n\n - NFS: Do not use page_file_mapping after removing the page (git-fixes).\n\n - NFS: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).\n\n - NFS: Fix a soft lockup in the delegation recovery code (git-fixes).\n\n - NFS: Fix a typo in nfs_init_timeout_values() (git-fixes).\n\n - NFS: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).\n\n - NFS: Fix I/O request leakages (git-fixes).\n\n - NFS: fix mount/umount race in nlmclnt (git-fixes).\n\n - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).\n\n - NFSv4.1 do not free interrupted slot on open (git-fixes).\n\n - NFSv4.1: Reinitialise sequence results before retransmitting a request (git-fixes).\n\n - NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).\n\n - nvme: add proper discard setup for the multipath device (bsc#1114638).\n\n - nvme: fix the dangerous reference of namespaces list (bsc#1131673).\n\n - nvme: make sure ns head inherits underlying device limits (bsc#1131673).\n\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).\n\n - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).\n\n - nvme: only reconfigure discard if necessary (bsc#1114638).\n\n - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169).\n\n - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.\n\n - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).\n\n - openvswitch: add seqadj extension when NAT is used (bsc#1051510).\n\n - openvswitch: fix flow actions reallocation (bsc#1051510).\n\n - packet: validate msg_namelen in send directly (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).\n\n - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510).\n\n - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).\n\n - PCI: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).\n\n - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).\n\n - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).\n\n - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).\n\n - platform/x86: dell-rbtn: Add missing #include (bsc#1051510).\n\n - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).\n\n - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510).\n\n - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).\n\n - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).\n\n - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107).\n\n - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107).\n\n - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).\n\n - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107).\n\n - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107).\n\n - powerpc/64s: Add support for software count cache flush (bsc#1131107).\n\n - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).\n\n - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).\n\n - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107).\n\n - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).\n\n - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).\n\n - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840).\n\n - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107).\n\n - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900).\n\n - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).\n\n - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).\n\n - powerpc/mm: Check secondary hash page table (bsc#1065729).\n\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).\n\n - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).\n\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).\n\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).\n\n - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).\n\n - powerpc/numa: improve control of topology updates (bsc#1133584).\n\n - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).\n\n - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).\n\n - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).\n\n - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840).\n\n - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).\n\n - powerpc/powernv: Make opal log only readable by root (bsc#1065729).\n\n - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107).\n\n - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).\n\n - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107).\n\n - powerpc/security: Fix spectre_v2 reporting (bsc#1131107).\n\n - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).\n\n - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).\n\n - proc/kcore: do not bounds check against address 0 (bsc#1051510).\n\n - proc: revalidate kernel thread inodes to root:root (bsc#1051510).\n\n - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).\n\n - pwm: Fix deadlock warning when removing PWM device (bsc#1051510).\n\n - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).\n\n - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).\n\n - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).\n\n - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).\n\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).\n\n - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).\n\n - qmi_wwan: add Olicard 600 (bsc#1051510).\n\n - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).\n\n - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535).\n\n - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15).\n\n - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).\n\n - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).\n\n - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).\n\n - rdma/cxgb4: fix some info leaks (bsc#1127371).\n\n - RDMA/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).\n\n - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).\n\n - RDMA/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).\n\n - rds: fix refcount bug in rds_sock_addref (git-fixes).\n\n - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes).\n\n - Re-export snd_cards for kABI compatibility (bsc#1051510).\n\n - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).\n\n - Revert 'ALSA: seq: Protect in-kernel ioctl calls with mutex' (bsc#1051510).\n\n - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843).\n\n - Revert 'drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)' \n\n - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946).\n\n - Revert 'tty: pty: Fix race condition between release_one_tty and pty_write' (bsc#1051510).\n\n - ring-buffer: Check if memory is available before allocation (bsc#1132531).\n\n - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15).\n\n - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).\n\n - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).\n\n - rxrpc: Do not release call mutex on error pointer (git-fixes).\n\n - rxrpc: Do not treat call aborts as conn aborts (git-fixes).\n\n - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15).\n\n - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).\n\n - s390/dasd: fix panic for failed online processing (bsc#1132589).\n\n - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544).\n\n - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).\n\n - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).\n\n - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).\n\n - scripts: override locale from environment when running recordmcount.pl (bsc#1134354).\n\n - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).\n\n - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).\n\n - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).\n\n - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24).\n\n - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes).\n\n - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).\n\n - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).\n\n - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).\n\n - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).\n\n - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510).\n\n - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510).\n\n - serial: uartps: console_setup() can't be placed to init section (bsc#1051510).\n\n - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24).\n\n - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).\n\n - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510).\n\n - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).\n\n - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).\n\n - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).\n\n - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).\n\n - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).\n\n - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).\n\n - spi: rspi: Fix sequencer reset during initialization (bsc#1051510).\n\n - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510).\n\n - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).\n\n - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).\n\n - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).\n\n - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510).\n\n - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).\n\n - stm class: Fix an endless loop in channel allocation (bsc#1051510).\n\n - stm class: Fix channel free in stm output free path (bsc#1051510).\n\n - stm class: Prevent division by zero (bsc#1051510).\n\n - sunrpc/cache: handle missing listeners better (bsc#1126221).\n\n - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes).\n\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n\n - supported.conf: Add vxlan to kernel-default-base (bsc#1132083).\n\n - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).\n\n - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).\n\n - svm: Fix AVIC DFR and LDR handling (bsc#1132558).\n\n - sysctl: handle overflow for file-max (bsc#1051510).\n\n - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).\n\n - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).\n\n - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).\n\n - thermal/int340x_thermal: fix mode setting (bsc#1051510).\n\n - tipc: fix race condition causing hung sendto (networking-stable-19_03_07).\n\n - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555).\n\n - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702).\n\n - tracing: Fix buffer_ref pipe ops (bsc#1133698).\n\n - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527).\n\n - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510).\n\n - tty: increase the default flip buffer limit to 2*640K (bsc#1051510).\n\n - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).\n\n - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).\n\n - tun: fix blocking read (networking-stable-19_03_07).\n\n - tun: remove unnecessary memory barrier (networking-stable-19_03_07).\n\n - UAS: fix alignment of scatter/gather segments (bsc#1129770).\n\n - udf: Fix crash on IO error during truncate (bsc#1131175).\n\n - usb: cdc-acm: fix unthrottle races (bsc#1051510).\n\n - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).\n\n - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).\n\n - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).\n\n - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).\n\n - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510).\n\n - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).\n\n - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).\n\n - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).\n\n - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510).\n\n - usb: mtu3: fix EXTCON dependency (bsc#1051510).\n\n - usb: serial: cp210x: add new device id (bsc#1051510).\n\n - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).\n\n - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).\n\n - usb: serial: fix unthrottle races (bsc#1051510).\n\n - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510).\n\n - usb: serial: option: add Olicard 600 (bsc#1051510).\n\n - usb: serial: option: add support for Quectel EM12 (bsc#1051510).\n\n - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510).\n\n - usb: u132-hcd: fix resource leak (bsc#1051510).\n\n - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).\n\n - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).\n\n - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).\n\n - usb: yurex: Fix protection fault after device removal (bsc#1051510).\n\n - vfio/mdev: Avoid release parent reference during error path (bsc#1051510).\n\n - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).\n\n - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).\n\n - vfio/pci: use correct format characters (bsc#1051510).\n\n - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).\n\n - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).\n\n - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).\n\n - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).\n\n - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).\n\n - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).\n\n - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).\n\n - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).\n\n - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).\n\n - vfs: swap names of (do,vfs)_clone_file_range() (bsc#1133774, bsc#1132219).\n\n - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).\n\n - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).\n\n - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510).\n\n - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).\n\n - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).\n\n - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).\n\n - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).\n\n - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).\n\n - vsock/virtio: reset connected sockets on device removal (bsc#1051510).\n\n - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20).\n\n - wil6210: check NULL pointer in\n _wil_cfg80211_merge_extra_ies (bsc#1051510).\n\n - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510).\n\n - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).\n\n - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331).\n\n - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572).\n\n - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415).\n\n - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415).\n\n - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).\n\n - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).\n\n - x86/mce: Handle varying MCA bank counts (bsc#1128415).\n\n - x86/msr-index: Cleanup bit defines (bsc#1111331).\n\n - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).\n\n - x86/speculation: Consolidate CPU whitelists (bsc#1111331).\n\n - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).\n\n - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).\n\n - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).\n\n - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).\n\n - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).\n\n - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).\n\n - x86/speculation/mds: Add SMT warning message (bsc#1111331).\n\n - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).\n\n - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).\n\n - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331).\n\n - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331).\n\n - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331).\n\n - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).\n\n - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331).\n\n - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).\n\n - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07).\n\n - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07).\n\n - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).\n\n - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes).\n\n - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).\n\n - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).\n\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).\n\n - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).\n\n - xfrm: Return error on unknown encap_type in init_state (git-fixes).\n\n - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).\n\n - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).\n\n - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).\n\n - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).\n\n - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).\n\n - xfs: detect and fix bad summary counts at mount (bsc#1114427).\n\n - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).\n\n - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219).\n\n - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).\n\n - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).\n\n - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).\n\n - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675).\n\n - xfs: kill meaningless variable 'zero' (bsc#1106011).\n\n - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).\n\n - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).\n\n - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).\n\n - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).\n\n - xfs: refactor xfs_trans_roll (bsc#1133667).\n\n - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).\n\n - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).\n\n - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).\n\n - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).\n\n - xfs: remove xfs_zero_range (bsc#1106011).\n\n - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).\n\n - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).\n\n - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).\n\n - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510).\n\n - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510).", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-9003", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1404.NASL", "href": "https://www.tenable.com/plugins/nessus/125243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1404.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125243);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-16880\", \"CVE-2019-11091\", \"CVE-2019-11486\", \"CVE-2019-11815\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-9003\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)\");\n script_summary(english:\"Check for the openSUSE-2019-1404 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nFour new speculative execution information leak issues have been\nidentified in Intel CPUs. (bsc#1111331)\n\n - CVE-2018-12126: Microarchitectural Store Buffer Data\n Sampling (MSBDS)\n\n - CVE-2018-12127: Microarchitectural Fill Buffer Data\n Sampling (MFBDS)\n\n - CVE-2018-12130: Microarchitectural Load Port Data\n Samling (MLPDS)\n\n - CVE-2019-11091: Microarchitectural Data Sampling\n Uncacheable Memory (MDSUM)\n\nThis kernel update contains software mitigations for these issues,\nwhich also utilize CPU microcode updates shipped in parallel.\n\nFor more information on this set of information leaks, check out\nhttps://www.suse.com/support/kb/doc/?id=7023736\n\nThe following security bugs were fixed :\n\n - CVE-2018-16880: A flaw was found in handle_rx() function\n in the vhost_net driver. A malicious virtual guest,\n under specific conditions, can trigger an out-of-bounds\n write in a kmalloc-8 slab on a virtual host which may\n lead to a kernel memory corruption and a system panic.\n Due to the nature of the flaw, privilege escalation\n cannot be fully ruled out. (bnc#1122767).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver\n in drivers/tty/n_r3964.c had multiple race conditions\n (bnc#1133188). It has been disabled.\n\n - CVE-2019-11815: An issue was discovered in\n rds_tcp_kill_sock in net/rds/tcp.c. There is a race\n condition leading to a use-after-free, related to net\n namespace cleanup (bnc#1134537).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain\n potentially sensitive information from kernel stack\n memory via a HIDPCONNADD command, because a name field\n may not end with a '\\0' character (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). (bnc#1131416 bnc#1131427).\n\n - CVE-2019-9003: Attackers can trigger a\n drivers/char/ipmi/ipmi_msghandler.c use-after-free and\n OOPS by arranging for certain simultaneous execution of\n the code, as demonstrated by a 'service ipmievd restart'\n loop (bnc#1126704).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in\n brcmf_wowl_nd_results was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation\n bypasses have been fixed (bnc#1132828).\n\nThe following non-security bugs were fixed :\n\n - 9p: do not trust pdu content for stat item size\n (bsc#1051510).\n\n - acpi, nfit: Prefer _DSM over _LSR for namespace label\n reads (bsc#1112128) (bsc#1132426).\n\n - ACPI / SBS: Fix GPE storm on recent MacBookPro's\n (bsc#1051510).\n\n - ALSA: core: Do not refer to snd_cards array directly\n (bsc#1051510).\n\n - ALSA: core: Fix card races between register and\n disconnect (bsc#1051510).\n\n - ALSA: emu10k1: Drop superfluous id-uniquification\n behavior (bsc#1051510).\n\n - ALSA: hda - Add two more machines to the\n power_save_blacklist (bsc#1051510).\n\n - ALSA: hda/hdmi - Consider eld_valid when reporting jack\n event (bsc#1051510).\n\n - ALSA: hda/hdmi - Read the pin sense from register when\n repolling (bsc#1051510).\n\n - ALSA: hda: Initialize power_state field properly\n (bsc#1051510).\n\n - ALSA: hda/realtek - Add new Dell platform for headset\n mode (bsc#1051510).\n\n - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509\n (bsc#1131442).\n\n - ALSA: hda/realtek - Add support headset mode for DELL\n WYSE AIO (bsc#1051510).\n\n - ALSA: hda/realtek - Add support headset mode for New\n DELL WYSE NB (bsc#1051510).\n\n - ALSA: hda/realtek - add two more pin configuration sets\n to quirk table (bsc#1051510).\n\n - ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR\n (bsc#1051510).\n\n - ALSA: hda/realtek - EAPD turn on later (bsc#1051510).\n\n - ALSA: hda/realtek - Fixed Dell AIO speaker noise\n (bsc#1051510).\n\n - ALSA: hda - Register irq handler after the chip\n initialization (bsc#1051510).\n\n - ALSA: hdea/realtek - Headset fixup for System76 Gazelle\n (gaze14) (bsc#1051510).\n\n - ALSA: info: Fix racy addition/deletion of nodes\n (bsc#1051510).\n\n - ALSA: line6: Avoid polluting led_* namespace\n (bsc#1051510).\n\n - ALSA: line6: use dynamic buffers (bsc#1051510).\n\n - ALSA: PCM: check if ops are defined before suspending\n PCM (bsc#1051510).\n\n - ALSA: seq: Align temporary re-locking with irqsave\n version (bsc#1051510).\n\n - ALSA: seq: Correct unlock sequence at\n snd_seq_client_ioctl_unlock() (bsc#1051510).\n\n - ALSA: seq: Cover unsubscribe_port() in list_mutex\n (bsc#1051510).\n\n - ALSA: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n\n - ALSA: seq: Fix race of get-subscription call vs\n port-delete ioctls (bsc#1051510).\n\n - ALSA: seq: Protect in-kernel ioctl calls with mutex\n (bsc#1051510).\n\n - ALSA: seq: Protect racy pool manipulation from OSS\n sequencer (bsc#1051510).\n\n - ALSA: seq: Remove superfluous irqsave flags\n (bsc#1051510).\n\n - ALSA: seq: Simplify snd_seq_kernel_client_enqueue()\n helper (bsc#1051510).\n\n - ALSA: timer: Check ack_list emptiness instead of bit\n flag (bsc#1051510).\n\n - ALSA: timer: Coding style fixes (bsc#1051510).\n\n - ALSA: timer: Make snd_timer_close() really kill pending\n actions (bsc#1051510).\n\n - ALSA: timer: Make sure to clear pending ack list\n (bsc#1051510).\n\n - ALSA: timer: Revert active callback sync check at close\n (bsc#1051510).\n\n - ALSA: timer: Simplify error path in snd_timer_open()\n (bsc#1051510).\n\n - ALSA: timer: Unify timer callback process code\n (bsc#1051510).\n\n - ALSA: usb-audio: Fix a memory leak bug (bsc#1051510).\n\n - ALSA: usb-audio: Handle the error from\n snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n\n - ALSA: usx2y: fix a double free bug (bsc#1051510).\n\n - ASoC: cs4270: Set auto-increment bit for register writes\n (bsc#1051510).\n\n - ASoC: fix valid stream condition (bsc#1051510).\n\n - ASoC: fsl-asoc-card: fix object reference leaks in\n fsl_asoc_card_probe (bsc#1051510).\n\n - ASoC: fsl_esai: fix channel swap issue when stream\n starts (bsc#1051510).\n\n - ASoC: fsl_esai: Fix missing break in switch statement\n (bsc#1051510).\n\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n\n - ASoC: Intel: avoid Oops if DMA setup fails\n (bsc#1051510).\n\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n\n - ASoC: nau8810: fix the issue of widget with prefixed\n name (bsc#1051510).\n\n - ASoC: nau8824: fix the issue of the widget with prefix\n name (bsc#1051510).\n\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers\n (bsc#1051510).\n\n - ASoC: samsung: odroid: Fix clock configuration for 44100\n sample rate (bsc#1051510).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case\n (bsc#1051510).\n\n - ASoC: stm32: fix sai driver name initialisation\n (bsc#1051510).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n\n - ASoC: topology: free created components in tplg load\n error (bsc#1051510).\n\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error\n (bsc#1051510).\n\n - assume flash part size to be 4MB, if it can't be\n determined (bsc#1127371).\n\n - at76c50x-usb: Do not register led_trigger if\n usb_register_driver failed (bsc#1051510).\n\n - ath10k: avoid possible string overflow (bsc#1051510).\n\n - audit: fix a memleak caused by auditing load module\n (bsc#1051510).\n\n - b43: shut up clang -Wuninitialized variable warning\n (bsc#1051510).\n\n - batman-adv: Reduce claim hash refcnt only for removed\n entry (bsc#1051510).\n\n - batman-adv: Reduce tt_global hash refcnt only for\n removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_local hash refcnt only for removed\n entry (bsc#1051510).\n\n - bcache: account size of buckets used in uuid write to\n ca->meta_sectors_written (bsc#1130972).\n\n - bcache: add a comment in super.c (bsc#1130972).\n\n - bcache: add code comments for bset.c (bsc#1130972).\n\n - bcache: add comment for cache_set->fill_iter\n (bsc#1130972).\n\n - bcache: add identifier names to arguments of function\n definitions (bsc#1130972).\n\n - bcache: add missing SPDX header (bsc#1130972).\n\n - bcache: add MODULE_DESCRIPTION information\n (bsc#1130972).\n\n - bcache: add separate workqueue for journal_write to\n avoid deadlock (bsc#1130972).\n\n - bcache: add static const prefix to char * array\n declarations (bsc#1130972).\n\n - bcache: add sysfs_strtoul_bool() for setting bit-field\n variables (bsc#1130972).\n\n - bcache: add the missing comments for smp_mb()/smp_wmb()\n (bsc#1130972).\n\n - bcache: cannot set writeback_running via sysfs if no\n writeback kthread created (bsc#1130972).\n\n - bcache: correct dirty data statistics (bsc#1130972).\n\n - bcache: do not assign in if condition in bcache_init()\n (bsc#1130972).\n\n - bcache: do not assign in if condition register_bcache()\n (bsc#1130972).\n\n - bcache: do not check if debug dentry is ERR or NULL\n explicitly on remove (bsc#1130972).\n\n - bcache: do not check NULL pointer before calling\n kmem_cache_destroy (bsc#1130972).\n\n - bcache: do not clone bio in bch_data_verify\n (bsc#1130972).\n\n - bcache: do not mark writeback_running too early\n (bsc#1130972).\n\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n\n - bcache: fix code comments style (bsc#1130972).\n\n - bcache: fix indentation issue, remove tabs on a hunk of\n code (bsc#1130972).\n\n - bcache: fix indent by replacing blank by tabs\n (bsc#1130972).\n\n - bcache: fix input integer overflow of congested\n threshold (bsc#1130972).\n\n - bcache: fix input overflow to cache set io_error_limit\n (bsc#1130972).\n\n - bcache: fix input overflow to cache set sysfs file\n io_error_halflife (bsc#1130972).\n\n - bcache: fix input overflow to journal_delay_ms\n (bsc#1130972).\n\n - bcache: fix input overflow to sequential_cutoff\n (bsc#1130972).\n\n - bcache: fix input overflow to writeback_delay\n (bsc#1130972).\n\n - bcache: fix input overflow to writeback_rate_minimum\n (bsc#1130972).\n\n - bcache: fix ioctl in flash device (bsc#1130972).\n\n - bcache: fix mistaken code comments in bcache.h\n (bsc#1130972).\n\n - bcache: fix mistaken comments in request.c\n (bsc#1130972).\n\n - bcache: fix potential div-zero error of\n writeback_rate_i_term_inverse (bsc#1130972).\n\n - bcache: fix potential div-zero error of\n writeback_rate_p_term_inverse (bsc#1130972).\n\n - bcache: fix typo in code comments of\n closure_return_with_destructor() (bsc#1130972).\n\n - bcache: fix typo 'succesfully' to 'successfully'\n (bsc#1130972).\n\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n\n - bcache: make cutoff_writeback and cutoff_writeback_sync\n tunable (bsc#1130972).\n\n - bcache: Move couple of functions to sysfs.c\n (bsc#1130972).\n\n - bcache: Move couple of string arrays to sysfs.c\n (bsc#1130972).\n\n - bcache: move open brace at end of function definitions\n to next line (bsc#1130972).\n\n - bcache: never writeback a discard operation\n (bsc#1130972).\n\n - bcache: not use hard coded memset size in\n bch_cache_accounting_clear() (bsc#1130972).\n\n - bcache: option to automatically run gc thread after\n writeback (bsc#1130972).\n\n - bcache: panic fix for making cache device (bsc#1130972).\n\n - bcache: Populate writeback_rate_minimum attribute\n (bsc#1130972).\n\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n\n - bcache: print number of keys in\n trace_bcache_journal_write (bsc#1130972).\n\n - bcache: recal cached_dev_sectors on detach\n (bsc#1130972).\n\n - bcache: remove unnecessary space before ioctl function\n pointer arguments (bsc#1130972).\n\n - bcache: remove unused bch_passthrough_cache\n (bsc#1130972).\n\n - bcache: remove useless parameter of bch_debug_init()\n (bsc#1130972).\n\n - bcache: Replace bch_read_string_list() by\n __sysfs_match_string() (bsc#1130972).\n\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX\n (bsc#1130972).\n\n - bcache: replace '%pF' by '%pS' in seq_printf()\n (bsc#1130972).\n\n - bcache: replace printk() by pr_*() routines\n (bsc#1130972).\n\n - bcache: replace Symbolic permissions by octal permission\n numbers (bsc#1130972).\n\n - bcache: set writeback_percent in a flexible range\n (bsc#1130972).\n\n - bcache: split combined if-condition code into separate\n ones (bsc#1130972).\n\n - bcache: stop bcache device when backing device is\n offline (bsc#1130972).\n\n - bcache: stop using the deprecated get_seconds()\n (bsc#1130972).\n\n - bcache: style fixes for lines over 80 characters\n (bsc#1130972).\n\n - bcache: style fix to add a blank line after declarations\n (bsc#1130972).\n\n - bcache: style fix to replace 'unsigned' by 'unsigned\n int' (bsc#1130972).\n\n - bcache: treat stale && dirty keys as bad keys\n (bsc#1130972).\n\n - bcache: trivial - remove tailing backslash in macro\n BTREE_FLAG (bsc#1130972).\n\n - bcache: update comment for bch_data_insert\n (bsc#1130972).\n\n - bcache: update comment in sysfs.c (bsc#1130972).\n\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8\n in __bch_bucket_alloc_set (bsc#1130972).\n\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for\n metadata (bsc#1130972).\n\n - bcache: use REQ_PRIO to indicate bio for metadata\n (bsc#1130972).\n\n - bcache: use routines from lib/crc64.c for CRC64\n calculation (bsc#1130972).\n\n - bcache: use sysfs_strtoul_bool() to set bit-field\n variables (bsc#1130972).\n\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n\n - blkcg: Make blkg_root_lookup() work for queues in bypass\n mode (bsc#1131673).\n\n - blk-mq: adjust debugfs and sysfs register when updating\n nr_hw_queues (bsc#1131673).\n\n - blk-mq: Avoid that submitting a bio concurrently with\n device removal triggers a crash (bsc#1131673).\n\n - blk-mq: change gfp flags to GFP_NOIO in\n blk_mq_realloc_hw_ctxs (bsc#1131673).\n\n - blk-mq: fallback to previous nr_hw_queues when updating\n fails (bsc#1131673).\n\n - blk-mq: init hctx sched after update ctx and hctx\n mapping (bsc#1131673).\n\n - blk-mq: realloc hctx when hw queue is mapped to another\n node (bsc#1131673).\n\n - blk-mq: sync the update nr_hw_queues with\n blk_mq_queue_tag_busy_iter (bsc#1131673).\n\n - block: check_events: do not bother with events if\n unsupported (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946,\n bsc#1119843).\n\n - block: Ensure that a request queue is dissociated from\n the cgroup controller (bsc#1131673).\n\n - block: Fix a race between request queue removal and the\n block cgroup controller (bsc#1131673).\n\n - block: Introduce blk_exit_queue() (bsc#1131673).\n\n - block: kABI fixes for bio_rewind_iter() removal\n (bsc#1131673).\n\n - block: remove bio_rewind_iter() (bsc#1131673).\n\n - bluetooth: Align minimum encryption key size for LE and\n BR/EDR connections (bsc#1051510).\n\n - bluetooth: btusb: request wake pin with NOAUTOEN\n (bsc#1051510).\n\n - bluetooth: Check L2CAP option sizes returned from\n l2cap_get_conf_opt (bsc#1051510).\n\n - bluetooth: hci_uart: Check if socket buffer is ERR_PTR\n in h4_recv_buf() (bsc#1133731).\n\n - bluetooth: hidp: fix buffer overflow (bsc#1051510).\n\n - bnxt_en: Drop oversize TX packets to prevent errors\n (networking-stable-19_03_07).\n\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n\n - bpf: fix use after free in bpf_evict_inode\n (bsc#1083647).\n\n - brcm80211: potential NULL dereference in\n brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: Avoid possible qgroup_rsv_size overflow in\n btrfs_calculate_inode_block_rsv_size (git-fixes).\n\n - btrfs: breakout empty head cleanup to a helper\n (bsc#1134813).\n\n - btrfs: check for refs on snapshot delete resume\n (bsc#1131335).\n\n - btrfs: delayed-ref: Introduce better documented delayed\n ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Do not panic when we can't find a root key\n (bsc#1112063).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code\n (bsc#1134813).\n\n - btrfs: fix assertion failure on fsync with NO_HOLES\n enabled (bsc#1131848).\n\n - btrfs: Fix bound checking in\n qgroup_trace_new_subtree_blocks (git-fixes).\n\n - btrfs: fix incorrect file size after shrinking truncate\n and fsync (bsc#1130195).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function\n (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic\n (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Move reserved data accounting from\n btrfs_delayed_ref_head to btrfs_qgroup_extent_record\n (bsc#1134162).\n\n - btrfs: qgroup: Remove duplicated trace points for\n qgroup_rsv_add/release (bsc#1134160).\n\n - btrfs: remove delayed_ref_node from ref_head\n (bsc#1134813).\n\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n\n - btrfs: save drop_progress if we drop refs at all\n (bsc#1131336).\n\n - btrfs: split delayed ref head initialization and\n addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list\n (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head\n (bsc#1134813).\n\n - cdrom: Fix race condition in cdrom_sysctl_register\n (bsc#1051510).\n\n - ceph: ensure d_name stability in ceph_dentry_hash()\n (bsc#1134461).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix use-after-free on symlink traversal\n (bsc#1134459).\n\n - ceph: only use d_name directly when parent is locked\n (bsc#1134460).\n\n - cgroup: fix parsing empty mount option string\n (bsc#1133094).\n\n - cifs: Do not count -ENODATA as failure for query\n directory (bsc#1051510).\n\n - cifs: do not dereference smb_file_target before null\n check (bsc#1051510).\n\n - cifs: Do not hide EINTR after sending network packets\n (bsc#1051510).\n\n - cifs: Do not reconnect TCP session in add_credits()\n (bsc#1051510).\n\n - cifs: Do not reset lease state to NONE on lease break\n (bsc#1051510).\n\n - cifs: Fix adjustment of credits for MTU requests\n (bsc#1051510).\n\n - cifs: Fix credit calculation for encrypted reads with\n errors (bsc#1051510).\n\n - cifs: Fix credits calculations for reads with errors\n (bsc#1051510).\n\n - cifs: fix POSIX lock leak and invalid ptr deref\n (bsc#1114542).\n\n - cifs: Fix possible hang during async MTU reads and\n writes (bsc#1051510).\n\n - cifs: Fix potential OOB access of lock element array\n (bsc#1051510).\n\n - cifs: Fix read after write for files with read caching\n (bsc#1051510).\n\n - clk: fractional-divider: check parent rate only if flag\n is set (bsc#1051510).\n\n - clk: rockchip: fix frac settings of GPLL clock for\n rk3328 (bsc#1051510).\n\n - clk: rockchip: Fix video codec clocks on rk3288\n (bsc#1051510).\n\n - clk: rockchip: fix wrong clock definitions for rk3328\n (bsc#1051510).\n\n - clk: x86: Add system specific quirk to mark clocks as\n critical (bsc#1051510).\n\n - cpupowerutils: bench - Fix cpu online check\n (bsc#1051510).\n\n - cpu/speculation: Add 'mitigations=' cmdline option\n (bsc#1112178).\n\n - crypto: arm/aes-neonbs - do not access already-freed\n walk.iv (bsc#1051510).\n\n - crypto: caam - add missing put_device() call\n (bsc#1129770).\n\n - crypto: ccm - fix incompatibility between 'ccm' and\n 'ccm_base' (bsc#1051510).\n\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT\n fails (bsc#1051510).\n\n - crypto: chacha20poly1305 - set cra_name correctly\n (bsc#1051510).\n\n - crypto: crct10dif-generic - fix use via\n crypto_shash_digest() (bsc#1051510).\n\n - crypto: crypto4xx - properly set IV after de- and\n encrypt (bsc#1051510).\n\n - crypto: fips - Grammar s/options/option/, s/to/the/\n (bsc#1051510).\n\n - crypto: gcm - fix incompatibility between 'gcm' and\n 'gcm_base' (bsc#1051510).\n\n - crypto: pcbc - remove bogus memcpy()s with src == dest\n (bsc#1051510).\n\n - crypto: sha256/arm - fix crash bug in Thumb2 build\n (bsc#1051510).\n\n - crypto: sha512/arm - fix crash bug in Thumb2 build\n (bsc#1051510).\n\n - crypto: skcipher - do not WARN on unprocessed data after\n slow walk step (bsc#1051510).\n\n - crypto: sun4i-ss - Fix invalid calculation of hash end\n (bsc#1051510).\n\n - crypto: vmx - fix copy-paste error in CTR mode\n (bsc#1051510).\n\n - crypto: x86/crct10dif-pcl - fix use via\n crypto_shash_digest() (bsc#1051510).\n\n - crypto: x86/poly1305 - fix overflow during partial\n reduction (bsc#1051510).\n\n - cxgb4: Add capability to get/set SGE Doorbell Queue\n Timer Tick (bsc#1127371).\n\n - cxgb4: Added missing break in ndo_udp_tunnel_(add/del)\n (bsc#1127371).\n\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0\n (bsc#1127371).\n\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n\n - cxgb4: add per rx-queue counter for packet errors\n (bsc#1127371).\n\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR\n (bsc#1127371).\n\n - cxgb4: add support to display DCB info (bsc#1127371).\n\n - cxgb4: Add support to read actual provisioned resources\n (bsc#1127371).\n\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n\n - cxgb4: collect number of free PSTRUCT page pointers\n (bsc#1127371).\n\n - cxgb4: convert flower table to use rhashtable\n (bsc#1127371).\n\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit\n capability (bsc#1127371).\n\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer\n (bsc#1127371).\n\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free\n (bsc#1127374).\n\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n\n - cxgb4/cxgb4vf: Program hash region for\n (t4/t4vf)_change_mac() (bsc#1127371).\n\n - cxgb4: display number of rx and tx pages free\n (bsc#1127371).\n\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down\n (bsc#1127371).\n\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n\n - cxgb4: fix the error path of cxgb4_uld_register()\n (bsc#1127371).\n\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID\n (bsc#1127371).\n\n - cxgb4: Mask out interrupts that are not enabled\n (bsc#1127175).\n\n - cxgb4: move Tx/Rx free pages collection to common code\n (bsc#1127371).\n\n - cxgb4: remove redundant assignment to\n vlan_cmd.dropnovlan_fm (bsc#1127371).\n\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size\n (bsc#1127371).\n\n - cxgb4: remove the unneeded locks (bsc#1127371).\n\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n\n - cxgb4: Support ethtool private flags (bsc#1127371).\n\n - cxgb4: update supported DCB version (bsc#1127371).\n\n - cxgb4: use new fw interface to get the VIN and smt index\n (bsc#1127371).\n\n - cxgb4vf: Few more link management changes (bsc#1127374).\n\n - cxgb4vf: fix memleak in mac_hlist initialization\n (bsc#1127374).\n\n - cxgb4vf: Update port information in cxgb4vf_open()\n (bsc#1127374).\n\n - device_cgroup: fix RCU imbalance in error case\n (bsc#1051510).\n\n - Disable kgdboc failed by echo space to\n /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n\n - dmaengine: axi-dmac: Do not check the number of frames\n for alignment (bsc#1051510).\n\n - dmaengine: imx-dma: fix warning comparison of distinct\n pointer types (bsc#1051510).\n\n - dmaengine: qcom_hidma: assign channel cookie correctly\n (bsc#1051510).\n\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is\n valid (bsc#1051510).\n\n - dmaengine: tegra210-dma: free dma controller in remove()\n (bsc#1051510).\n\n - dmaengine: tegra: avoid overflow of byte tracking\n (bsc#1051510).\n\n - dm: disable DISCARD if the underlying storage no longer\n supports it (bsc#1114638).\n\n - drivers: hv: vmbus: Offload the handling of channels to\n two workqueues (bsc#1130567).\n\n - drivers: hv: vmbus: Reset the channel callback in\n vmbus_onoffer_rescind() (bsc#1130567).\n\n - drm: Auto-set allow_fb_modifiers when given modifiers at\n plane init (bsc#1051510).\n\n - drm: bridge: dw-hdmi: Fix overflow workaround for\n Rockchip SoCs (bsc#1113722)\n\n - drm/dp/mst: Configure no_stop_bit correctly for remote\n i2c xfers (bsc#1051510).\n\n - drm/fb-helper: dpms_legacy(): Only set on connectors in\n use (bsc#1051510).\n\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio\n list (bsc#1113722)\n\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n\n - drm/i915/gvt: do not deliver a workload if its creation\n fails (bsc#1051510).\n\n - drm/i915/gvt: do not let pin count of shadow mm go\n negative (bsc#1113722)\n\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in\n gen8/9 mmio list (bnc#1113722)\n\n - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index\n check (bsc#1051510).\n\n - drm/mediatek: Fix an error code in\n mtk_hdmi_dt_parse_pdata() (bsc#1113722)\n\n - drm/mediatek: fix possible object reference leak\n (bsc#1051510).\n\n - drm/meson: add size and alignment requirements for dumb\n buffers (bnc#1113722)\n\n - drm/meson: Fix invalid pointer in meson_drv_unbind()\n (bsc#1051510).\n\n - drm/meson: Uninstall IRQ handler (bsc#1051510).\n\n - drm/nouveau: Stop using drm_crtc_force_disable\n (bsc#1051510).\n\n - drm/nouveau/volt/gf117: fix speedo readout register\n (bsc#1051510).\n\n - drm/rockchip: shutdown drm subsystem on shutdown\n (bsc#1051510).\n\n - drm/rockchip: vop: reset scale mode when win is disabled\n (bsc#1113722)\n\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at\n driver unbind (bsc#1113722)\n\n - drm/sun4i: Fix component unbinding and component master\n deletion (bsc#1113722)\n\n - drm/sun4i: rgb: Change the pixel clock validation check\n (bnc#1113722)\n\n - drm/sun4i: Set device driver data at bind time for use\n in unbind (bsc#1113722)\n\n - drm/sun4i: Unbind components before releasing DRM and\n memory (bsc#1113722)\n\n - drm/ttm: Remove warning about inconsistent mapping\n information (bnc#1131488)\n\n - drm/udl: add a release method and delay modeset teardown\n (bsc#1085536)\n\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n\n - dsa: mv88e6xxx: Ensure all pending interrupts are\n handled prior to exit (networking-stable-19_02_20).\n\n - dt-bindings: net: Fix a typo in the phy-mode list for\n ethernet bindings (bsc#1129770).\n\n - dwc2: gadget: Fix completed transfer size calculation in\n DDMA (bsc#1051510).\n\n - e1000e: fix cyclic resets at link up with active tx\n (bsc#1051510).\n\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n\n - ext2: Fix underflow in ext2_max_size() (bsc#1131174).\n\n - ext4: add mask of ext4 flags to swap (bsc#1131170).\n\n - ext4: add missing brelse() in add_new_gdb_meta_bg()\n (bsc#1131176).\n\n - ext4: brelse all indirect buffer in\n ext4_ind_remove_space() (bsc#1131173).\n\n - ext4: cleanup bh release code in ext4_ind_remove_space()\n (bsc#1131851).\n\n - ext4: cleanup pagecache before swap i_data\n (bsc#1131178).\n\n - ext4: fix check of inode in swap_inode_boot_loader\n (bsc#1131177).\n\n - ext4: fix data corruption caused by unaligned direct AIO\n (bsc#1131172).\n\n - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180).\n\n - ext4: fix NULL pointer dereference while journal is\n aborted (bsc#1131171).\n\n - ext4: update quota information while swapping boot\n loader inode (bsc#1131179).\n\n - fbdev: fbmem: fix memory access if logo is bigger than\n the screen (bsc#1051510).\n\n - fix cgroup_do_mount() handling of failure exits\n (bsc#1133095).\n\n - Fix kabi after 'md: batch flush requests.'\n (bsc#1119680).\n\n - Fix struct page kABI after adding atomic for ppc\n (bsc#1131326, bsc#1108937).\n\n - fm10k: Fix a potential NULL pointer dereference\n (bsc#1051510).\n\n - fs: avoid fdput() after failed fdget() in\n vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).\n\n - fs/nfs: Fix nfs_parse_devname to not modify it's\n argument (git-fixes).\n\n - futex: Cure exit race (bsc#1050549).\n\n - futex: Ensure that futex address is aligned in\n handle_futex_death() (bsc#1050549).\n\n - futex: Handle early deadlock return correctly\n (bsc#1050549).\n\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n\n - gpio: adnp: Fix testing wrong value in\n adnp_gpio_direction_input (bsc#1051510).\n\n - gpio: aspeed: fix a potential NULL pointer dereference\n (bsc#1051510).\n\n - gpio: gpio-omap: fix level interrupt idling\n (bsc#1051510).\n\n - gpio: of: Fix of_gpiochip_add() error path\n (bsc#1051510).\n\n - gre6: use log_ecn_error module parameter in\n ip6_tnl_rcv() (git-fixes).\n\n - hid: debug: fix race condition with between rdesc_show()\n and device removal (bsc#1051510).\n\n - hid: i2c-hid: Ignore input report if there's no data\n present on Elan touchpanels (bsc#1133486).\n\n - hid: input: add mapping for Assistant key (bsc#1051510).\n\n - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device\n (bsc#1051510).\n\n - hid: intel-ish: ipc: handle PIMR before ish_wakeup also\n clear PISR busy_clear bit (bsc#1051510).\n\n - hid: logitech: check the return value of\n create_singlethread_workqueue (bsc#1051510).\n\n - hv_netvsc: Fix IP header checksum for coalesced packets\n (networking-stable-19_03_07).\n\n - hwmon: (f71805f) Use request_muxed_region for Super-IO\n accesses (bsc#1051510).\n\n - hwmon: (pc87427) Use request_muxed_region for Super-IO\n accesses (bsc#1051510).\n\n - hwmon: (smsc47b397) Use request_muxed_region for\n Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO\n accesses (bsc#1051510).\n\n - hwmon: (vt1211) Use request_muxed_region for Super-IO\n accesses (bsc#1051510).\n\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO\n accesses (bsc#1051510).\n\n - hwrng: virtio - Avoid repeated init of completion\n (bsc#1051510).\n\n - i2c: Make i2c_unregister_device() NULL-aware\n (bsc#1108193).\n\n - ibmvnic: Enable GRO (bsc#1132227).\n\n - ibmvnic: Fix completion structure initialization\n (bsc#1131659).\n\n - ibmvnic: Fix netdev feature clobbering during a reset\n (bsc#1132227).\n\n - iio: adc: at91: disable adc channel interrupt in timeout\n case (bsc#1051510).\n\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver\n (bsc#1051510).\n\n - iio: ad_sigma_delta: select channel when reading\n register (bsc#1051510).\n\n - iio: core: fix a possible circular locking dependency\n (bsc#1051510).\n\n - iio: cros_ec: Fix the maths for gyro scale calculation\n (bsc#1051510).\n\n - iio: dac: mcp4725: add missing powerdown bits in store\n eeprom (bsc#1051510).\n\n - iio: Fix scan mask selection (bsc#1051510).\n\n - iio/gyro/bmg160: Use millidegrees for temperature scale\n (bsc#1051510).\n\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n\n - Input: introduce KEY_ASSISTANT (bsc#1051510).\n\n - Input: snvs_pwrkey - initialize necessary driver data\n before enabling IRQ (bsc#1051510).\n\n - Input: synaptics-rmi4 - write config register values to\n the right offset (bsc#1051510).\n\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n\n - io: accel: kxcjk1013: restore the range after resume\n (bsc#1051510).\n\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n\n - iommu/vt-d: Do not request page request irq under\n dmar_global_lock (bsc#1135006).\n\n - iommu/vt-d: Make kernel parameter igfx_off work with\n vIOMMU (bsc#1135007).\n\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly\n (bsc#1135008).\n\n - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode\n (git-fixes).\n\n - ipmi: Fix I2C client removal in the SSIF driver\n (bsc#1108193).\n\n - ipmi:ssif: compare block number correctly for multi-part\n return messages (bsc#1051510).\n\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n\n - ipv4: Return error for RTA_VIA attribute\n (networking-stable-19_03_07).\n\n - ipv6: Fix dangling pointer when ipv6 fragment\n (git-fixes).\n\n - ipv6: propagate genlmsg_reply return code\n (networking-stable-19_02_24).\n\n - ipv6: Return error for RTA_VIA attribute\n (networking-stable-19_03_07).\n\n - ipv6: sit: reset ip header pointer in ipip6_rcv\n (git-fixes).\n\n - ipvlan: disallow userns cap_net_admin to change global\n mode/flags (networking-stable-19_03_15).\n\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP\n (git-fixes).\n\n - It's wrong to add len to sector_nr in raid10 reshape\n twice (git-fixes).\n\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host\n page (bsc#1127371).\n\n - iwiwifi: fix bad monitor buffer register addresses\n (bsc#1129770).\n\n - iwlwifi: fix send hcmd timeout recovery flow\n (bsc#1129770).\n\n - jbd2: clear dirty flag when revoking a buffer from an\n older transaction (bsc#1131167).\n\n - jbd2: fix compile warning when using JBUFFER_TRACE\n (bsc#1131168).\n\n - kABI: restore icmp_send (kabi).\n\n - kabi/severities: add cxgb4 and cxgb4vf shared data to\n the whitelis (bsc#1127372)\n\n - kABI workaround for removed usb_interface.pm_usage_cnt\n field (bsc#1051510).\n\n - kABI workaround for snd_seq_kernel_client_enqueue() API\n changes (bsc#1051510).\n\n - kbuild: modversions: Fix relative CRC byte order\n interpretation (bsc#1131290).\n\n - kbuild: strip whitespace in cmd_record_mcount findstring\n (bsc#1065729).\n\n - kcm: switch order of device registration to fix a crash\n (bnc#1130527).\n\n - kernel/sysctl.c: add missing range check in\n do_proc_dointvec_minmax_conv (bsc#1051510).\n\n - kernel/sysctl.c: fix out-of-bounds access when setting\n file-max (bsc#1051510).\n\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n\n - KEYS: always initialize keyring_index_key::desc_len\n (bsc#1051510).\n\n - KEYS: user: Align the payload buffer (bsc#1051510).\n\n - KVM: Call kvm_arch_memslots_updated() before updating\n memslots (bsc#1132563).\n\n - KVM: Fix kABI for AMD SMAP Errata workaround\n (bsc#1133149).\n\n - KVM: Fix UAF in nested posted interrupt processing\n (bsc#1134199).\n\n - KVM: nVMX: Apply addr size mask to effective address for\n VMX instructions (bsc#1132561).\n\n - KVM: nVMX: Clear reserved bits of #DB exit qualification\n (bsc#1134200).\n\n - KVM: nVMX: Ignore limit checks on VMX instructions using\n flat segments (bsc#1132564).\n\n - KVM: nVMX: restore host state in nested_vmx_vmexit for\n VMFail (bsc#1134201).\n\n - KVM: nVMX: Sign extend displacements of VMX instr's mem\n operands (bsc#1132562).\n\n - KVM: PPC: Book3S HV: Fix race between\n kvm_unmap_hva_range and MMU mode switch (bsc#1061840).\n\n - KVM: SVM: Workaround errata#1096 (insn_len maybe zero on\n SMAP violation) (bsc#1133149).\n\n - KVM: VMX: Compare only a single byte for VMCS'\n 'launched' in vCPU-run (bsc#1132555).\n\n - KVM: VMX: Zero out *all* general purpose registers after\n VM-Exit (bsc#1134202).\n\n - KVM: x86: Always use 32-bit SMRAM save state for 32-bit\n kernels (bsc#1134203).\n\n - KVM: x86: Do not clear EFER during SMM transitions for\n 32-bit vCPU (bsc#1134204).\n\n - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD\n hosts (bsc#1114279).\n\n - KVM: x86/mmu: Detect MMIO generation wrap in any address\n space (bsc#1132570).\n\n - KVM: x86/mmu: Do not cache MMIO accesses while memslots\n are in flux (bsc#1132571).\n\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID\n (bsc#1111331).\n\n - KVM: x86: svm: make sure NMI is injected after\n nmi_singlestep (bsc#1134205).\n\n - leds: avoid races with workqueue (bsc#1051510).\n\n - leds: pca9532: fix a potential NULL pointer dereference\n (bsc#1051510).\n\n - lib: add crc64 calculation routines (bsc#1130972).\n\n - libata: fix using DMA buffers on stack (bsc#1051510).\n\n - lib: do not depend on linux headers being installed\n (bsc#1130972).\n\n - lightnvm: if LUNs are already allocated fix return\n (bsc#1085535).\n\n - linux/kernel.h: Use parentheses around argument in\n u64_to_user_ptr() (bsc#1051510).\n\n - Linux v5.0-rc7: bcm2835 MMC issues (bsc#1070872).\n\n - locking/atomics, asm-generic: Move some macros from\n <linux/bitops.h> to a new <linux/bits.h> file\n (bsc#1111331).\n\n - lpfc: validate command in\n lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n\n - mac80211: do not call driver wake_tx_queue op during\n reconfig (bsc#1051510).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: Fix failed allocation of md_register_thread\n (git-fixes).\n\n - md/raid1: do not clear bitmap bits on interrupted\n recovery (git-fixes).\n\n - md/raid5: fix 'out of memory' during raid cache recovery\n (git-fixes).\n\n - media: cx18: update *pos correctly in cx18_read_pos()\n (bsc#1051510).\n\n - media: cx23885: check allocation return (bsc#1051510).\n\n - media: davinci-isif: avoid uninitialized variable use\n (bsc#1051510).\n\n - media: ivtv: update *pos correctly in ivtv_read_pos()\n (bsc#1051510).\n\n - media: mt9m111: set initial frame size other than 0x0\n (bsc#1051510).\n\n - media: mtk-jpeg: Correct return type for mem2mem buffer\n helpers (bsc#1051510).\n\n - media: mx2_emmaprp: Correct return type for mem2mem\n buffer helpers (bsc#1051510).\n\n - media: ov2659: fix unbalanced mutex_lock/unlock\n (bsc#1051510).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n\n - media: s5p-g2d: Correct return type for mem2mem buffer\n helpers (bsc#1051510).\n\n - media: s5p-jpeg: Correct return type for mem2mem buffer\n helpers (bsc#1051510).\n\n - media: serial_ir: Fix use-after-free in\n serial_ir_init_module (bsc#1051510).\n\n - media: sh_veu: Correct return type for mem2mem buffer\n helpers (bsc#1051510).\n\n - media: tw5864: Fix possible NULL pointer dereference in\n tw5864_handle_frame (bsc#1051510).\n\n - media: vivid: use vfree() instead of kfree() for\n dev->bitmap_cap (bsc#1051510).\n\n - media: wl128x: Fix an error code in\n fm_download_firmware() (bsc#1051510).\n\n - media: wl128x: prevent two potential buffer overflows\n (bsc#1051510).\n\n - mISDN: hfcpci: Test both vendor & device ID for Digium\n HFC4S (bsc#1051510).\n\n - missing barriers in some of unix_sock ->addr and ->path\n accesses (networking-stable-19_03_15).\n\n - mmc: core: fix possible use after free of host\n (bsc#1051510).\n\n - mmc: davinci: remove extraneous __init annotation\n (bsc#1051510).\n\n - mmc: sdhci: Fix data command CRC error handling\n (bsc#1051510).\n\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n\n - mmc: sdhci: Rename SDHCI_ACMD12_ERR and\n SDHCI_INT_ACMD12ERR (bsc#1051510).\n\n - mmc: tmio_mmc_core: do not claim spurious interrupts\n (bsc#1051510).\n\n - mm/debug.c: fix __dump_page when mapping->host is not\n set (bsc#1131934).\n\n - mm/huge_memory.c: fix modifying of page protection by\n insert_pfn_pmd() (bsc#1126740).\n\n - mm/page_isolation.c: fix a wrong flag in\n set_migratetype_isolate() (bsc#1131935).\n\n - mm/vmalloc: fix size check for\n remap_vmalloc_range_partial() (bsc#1133825).\n\n - mpls: Return error for RTA_GATEWAY attribute\n (networking-stable-19_03_07).\n\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n\n - mtd: docg3: fix a possible memory leak of mtd->name\n (bsc#1051510).\n\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in\n doc_probe_device (bsc#1051510).\n\n - mtd: nand: omap: Fix comment in platform data using\n wrong Kconfig symbol (bsc#1051510).\n\n - mtd: part: fix incorrect format specifier for an\n unsigned long long (bsc#1051510).\n\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address\n boundary on read/write (bsc#1129770).\n\n - mwifiex: do not advertise IBSS features without FW\n support (bsc#1129770).\n\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n\n - mwifiex: prevent an array overflow (bsc#1051510).\n\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n\n - net: Add header for usage of fls64()\n (networking-stable-19_02_20).\n\n - net: Add __icmp_send helper\n (networking-stable-19_03_07).\n\n - net: avoid false positives in untrusted gso validation\n (git-fixes).\n\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n\n - net: avoid use IPCB in cipso_v4_error\n (networking-stable-19_03_07).\n\n - net: bridge: add vlan_tunnel to bridge port policies\n (git-fixes).\n\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n\n - net: bridge: multicast: use rcu to access port list from\n br_multicast_start_querier (git-fixes).\n\n - net: datagram: fix unbounded loop in\n __skb_try_recv_datagram() (git-fixes).\n\n - net: Do not allocate page fragments that are not skb\n aligned (networking-stable-19_02_20).\n\n - net: dsa: legacy: do not unmask port bitmaps\n (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix u64 statistics\n (networking-stable-19_03_07).\n\n - netfilter: bridge: ebt_among: add missing match size\n checks (git-fixes).\n\n - netfilter: bridge: ebt_among: add more missing match\n size checks (git-fixes).\n\n - netfilter: bridge: set skb transport_header before\n entering NF_INET_PRE_ROUTING (git-fixes).\n\n - netfilter: drop template ct when conntrack is skipped\n (git-fixes).\n\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack\n module (git-fixes).\n\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is\n added to ip_set_net_exit() (git-fixes).\n\n - netfilter: ipv6: fix use-after-free Write in\n nf_nat_ipv6_manip_pkt (git-fixes).\n\n - netfilter: nf_socket: Fix out of bounds access in\n nf_sk_lookup_slow_v(4,6) (git-fixes).\n\n - netfilter: x_tables: avoid out-of-bounds reads in\n xt_request_find_(match|target) (git-fixes).\n\n - netfilter: x_tables: fix int overflow in\n xt_alloc_table_info() (git-fixes).\n\n - net: Fix for_each_netdev_feature on Big endian\n (networking-stable-19_02_20).\n\n - net: fix IPv6 prefix route residue\n (networking-stable-19_02_20).\n\n - net: Fix untag for vlan packets without ethernet header\n (git-fixes).\n\n - net: Fix vlan untag for bridge and vlan_dev with\n reorder_hdr off (git-fixes).\n\n - net/hsr: Check skb_put_padto() return value (git-fixes).\n\n - net: hsr: fix memory leak in hsr_dev_finalize()\n (networking-stable-19_03_15).\n\n - net/hsr: fix possible crash in add_timer()\n (networking-stable-19_03_15).\n\n - net/ibmvnic: Update carrier state after link state\n change (bsc#1135100).\n\n - net/ibmvnic: Update MAC address settings after adapter\n reset (bsc#1134760).\n\n - netlabel: fix out-of-bounds memory accesses\n (networking-stable-19_03_07).\n\n - netlink: fix nla_put_(u8,u16,u32) for KASAN (git-fixes).\n\n - net/mlx5e: Do not overwrite pedit action when multiple\n pedit used (networking-stable-19_02_24).\n\n - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv\n fails (networking-stable-19_03_07).\n\n - net/packet: fix 4gb buffer limit due to overflow check\n (networking-stable-19_02_24).\n\n - net/packet: Set __GFP_NOWARN upon allocation in\n alloc_pg_vec (git-fixes).\n\n - net_sched: acquire RTNL in tc_action_net_exit()\n (git-fixes).\n\n - net_sched: fix two more memory leaks in cls_tcindex\n (networking-stable-19_02_24).\n\n - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for\n tables > 255 (networking-stable-19_03_15).\n\n - net: sit: fix memory leak in sit_init_net()\n (networking-stable-19_03_07).\n\n - net: sit: fix UBSAN Undefined behaviour in check_6rd\n (networking-stable-19_03_15).\n\n - net: socket: set sock->sk to NULL after calling\n proto_ops::release() (networking-stable-19_03_07).\n\n - net: validate untrusted gso packets without csum offload\n (networking-stable-19_02_20).\n\n - net/x25: fix a race in x25_bind()\n (networking-stable-19_03_15).\n\n - net/x25: fix use-after-free in x25_device_event()\n (networking-stable-19_03_15).\n\n - net/x25: reset state in x25_connect()\n (networking-stable-19_03_15).\n\n - net: xfrm: use preempt-safe this_cpu_read() in\n ipcomp_alloc_tfms() (git-fixes).\n\n - NFC: nci: Add some bounds checking in\n nci_hci_cmd_received() (bsc#1051510).\n\n - NFS: Add missing encode / decode sequence_maxsz to v4.2\n operations (git-fixes).\n\n - nfsd4: catch some false session retries (git-fixes).\n\n - nfsd4: fix cached replies to solo SEQUENCE compounds\n (git-fixes).\n\n - NFS: Do not recoalesce on error in\n nfs_pageio_complete_mirror() (git-fixes).\n\n - NFS: Do not use page_file_mapping after removing the\n page (git-fixes).\n\n - NFS: Fix an I/O request leakage in nfs_do_recoalesce\n (git-fixes).\n\n - NFS: Fix a soft lockup in the delegation recovery code\n (git-fixes).\n\n - NFS: Fix a typo in nfs_init_timeout_values()\n (git-fixes).\n\n - NFS: Fix dentry revalidation on NFSv4 lookup\n (bsc#1132618).\n\n - NFS: Fix I/O request leakages (git-fixes).\n\n - NFS: fix mount/umount race in nlmclnt (git-fixes).\n\n - NFS/pnfs: Bulk destroy of layouts needs to be safe\n w.r.t. umount (git-fixes).\n\n - NFSv4.1 do not free interrupted slot on open\n (git-fixes).\n\n - NFSv4.1: Reinitialise sequence results before\n retransmitting a request (git-fixes).\n\n - NFSv4/flexfiles: Fix invalid deref in\n FF_LAYOUT_DEVID_NODE() (git-fixes).\n\n - nvme: add proper discard setup for the multipath device\n (bsc#1114638).\n\n - nvme: fix the dangerous reference of namespaces list\n (bsc#1131673).\n\n - nvme: make sure ns head inherits underlying device\n limits (bsc#1131673).\n\n - nvme-multipath: avoid crash on invalid subsystem cntlid\n enumeration (bsc#1129273).\n\n - nvme-multipath: split bios with the ns_head bio_set\n before submitting (bsc#1103259, bsc#1131673).\n\n - nvme: only reconfigure discard if necessary\n (bsc#1114638).\n\n - ocfs2: fix inode bh swapping mixup in\n ocfs2_reflink_inodes_lock (bsc#1131169).\n\n - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We\n need to turn on OCFS2_FS_STATS kernel configuration\n setting, to fix bsc#1134393.\n\n - omapfb: add missing of_node_put after\n of_device_is_available (bsc#1051510).\n\n - openvswitch: add seqadj extension when NAT is used\n (bsc#1051510).\n\n - openvswitch: fix flow actions reallocation\n (bsc#1051510).\n\n - packet: validate msg_namelen in send directly\n (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9170\n SATA controller (bsc#1051510).\n\n - PCI: designware-ep: Read-only registers need\n DBI_RO_WR_EN to be writable (bsc#1051510).\n\n - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).\n\n - PCI: pciehp: Ignore Link State Changes after powering\n off a slot (bsc#1133005).\n\n - phy: sun4i-usb: Make sure to disable PHY0 passby for\n peripheral mode (bsc#1051510).\n\n - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG\n PHYs (bsc#1051510).\n\n - platform/x86: alienware-wmi: printing the wrong error\n code (bsc#1051510).\n\n - platform/x86: dell-rbtn: Add missing #include\n (bsc#1051510).\n\n - platform/x86: intel_pmc_ipc: adding error handling\n (bsc#1051510).\n\n - platform/x86: intel_punit_ipc: Revert 'Fix resource\n ioremap warning' (bsc#1051510).\n\n - platform/x86: pmc_atom: Drop __initconst on dmi table\n (bsc#1051510).\n\n - platform/x86: sony-laptop: Fix unintentional\n fall-through (bsc#1051510).\n\n - powerpc/64: Call setup_barrier_nospec() from\n setup_arch() (bsc#1131107).\n\n - powerpc/64: Disable the speculation barrier from the\n command line (bsc#1131107).\n\n - powerpc64/ftrace: Include ftrace.h needed for\n enable/disable calls (bsc#1088804, git-fixes).\n\n - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific\n (bsc#1131107).\n\n - powerpc/64s: Add new security feature flags for count\n cache flush (bsc#1131107).\n\n - powerpc/64s: Add support for software count cache flush\n (bsc#1131107).\n\n - powerpc/64s: Fix logic when handling unknown CPU\n features (bsc#1055117).\n\n - powerpc/64s: Fix page table fragment refcount race vs\n speculative references (bsc#1131326, bsc#1108937).\n\n - powerpc/asm: Add a patch_site macro & helpers for\n patching instructions (bsc#1131107).\n\n - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer\n (bsc#1065729).\n\n - powerpc: consolidate -mno-sched-epilog into FTRACE flags\n (bsc#1065729).\n\n - powerpc: Fix 32-bit KVM-PR lockup and host crash with\n MacOS guest (bsc#1061840).\n\n - powerpc/fsl: Fix spectre_v2 mitigations reporting\n (bsc#1131107).\n\n - powerpc/hugetlb: Handle mmap_min_addr correctly in\n get_unmapped_area callback (bsc#1131900).\n\n - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR\n (bsc#1061840).\n\n - powerpc/mm: Add missing tracepoint for tlbie\n (bsc#1055117, git-fixes).\n\n - powerpc/mm: Check secondary hash page table\n (bsc#1065729).\n\n - powerpc/mm: Fix page table dump to work on Radix\n (bsc#1055186, git-fixes).\n\n - powerpc/mm/hash: Handle mmap_min_addr correctly in\n get_unmapped_area topdown search (bsc#1131900).\n\n - powerpc/mm/radix: Display if mappings are exec or not\n (bsc#1055186, git-fixes).\n\n - powerpc/mm/radix: Prettify mapped memory range print out\n (bsc#1055186, git-fixes).\n\n - powerpc/numa: document topology_updates_enabled, disable\n by default (bsc#1133584).\n\n - powerpc/numa: improve control of topology updates\n (bsc#1133584).\n\n - powerpc/perf: Fix unit_sel/cache_sel checks\n (bsc#1053043).\n\n - powerpc/perf: Remove l2 bus events from HW cache event\n array (bsc#1053043).\n\n - powerpc/powernv/cpuidle: Init all present cpus for deep\n states (bsc#1055121).\n\n - powerpc/powernv: Do not reprogram SLW image on every KVM\n guest entry/exit (bsc#1061840).\n\n - powerpc/powernv/ioda2: Remove redundant free of TCE\n pages (bsc#1061840).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels of\n cached userspace addresses on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix locked_vm counting for memory\n used by IOMMU tables (bsc#1061840).\n\n - powerpc/powernv: Make opal log only readable by root\n (bsc#1065729).\n\n - powerpc/powernv: Query firmware for count cache flush\n settings (bsc#1131107).\n\n - powerpc/powernv: Remove never used pnv_power9_force_smt4\n (bsc#1061840).\n\n - powerpc/pseries: Query hypervisor for count cache flush\n settings (bsc#1131107).\n\n - powerpc/security: Fix spectre_v2 reporting\n (bsc#1131107).\n\n - powerpc/speculation: Support 'mitigations=' cmdline\n option (bsc#1112178).\n\n - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64\n (bsc#1131587).\n\n - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies\n across Y2038 (bsc#1131587).\n\n - proc/kcore: do not bounds check against address 0\n (bsc#1051510).\n\n - proc: revalidate kernel thread inodes to root:root\n (bsc#1051510).\n\n - proc/sysctl: fix return error for\n proc_doulongvec_minmax() (bsc#1051510).\n\n - pwm: Fix deadlock warning when removing PWM device\n (bsc#1051510).\n\n - pwm: meson: Consider 128 a valid pre-divider\n (bsc#1051510).\n\n - pwm: meson: Do not disable PWM when setting duty\n repeatedly (bsc#1051510).\n\n - pwm: meson: Use the spin-lock only to protect register\n modifications (bsc#1051510).\n\n - pwm: tiehrpwm: Update shadow register for disabling PWMs\n (bsc#1051510).\n\n - qla2xxx: allow irqbalance control in non-MQ mode\n (bsc#1128979).\n\n - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).\n\n - qmi_wwan: add Olicard 600 (bsc#1051510).\n\n - qmi_wwan: Add support for Quectel EG12/EM12\n (networking-stable-19_03_07).\n\n - RAS/CEC: Check the correct variable in the debugfs error\n handling (bsc#1085535).\n\n - ravb: Decrease TxFIFO depth of Q3 and Q2 to one\n (networking-stable-19_03_15).\n\n - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).\n\n - rdma/cxgb4: Add support for kernel mode SRQ's\n (bsc#1127371).\n\n - rdma/cxgb4: Add support for srq functions & structs\n (bsc#1127371).\n\n - rdma/cxgb4: fix some info leaks (bsc#1127371).\n\n - RDMA/cxgb4: Make c4iw_poll_cq_one() easier to analyze\n (bsc#1127371).\n\n - rdma/cxgb4: Remove a set-but-not-used variable\n (bsc#1127371).\n\n - RDMA/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).\n\n - rds: fix refcount bug in rds_sock_addref (git-fixes).\n\n - rds: tcp: atomically purge entries from\n rds_tcp_conn_list during netns delete (git-fixes).\n\n - Re-export snd_cards for kABI compatibility\n (bsc#1051510).\n\n - regulator: tps65086: Fix tps65086_ldoa1_ranges for\n selector 0xB (bsc#1051510).\n\n - Revert 'ALSA: seq: Protect in-kernel ioctl calls with\n mutex' (bsc#1051510).\n\n - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for\n legacy/fringe drivers' (bsc#1110946, bsc#1119843).\n\n - Revert 'drm/sun4i: rgb: Change the pixel clock\n validation check (bnc#1113722)' \n\n - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd\n and ide-cd' (bsc#1110946).\n\n - Revert 'tty: pty: Fix race condition between\n release_one_tty and pty_write' (bsc#1051510).\n\n - ring-buffer: Check if memory is available before\n allocation (bsc#1132531).\n\n - route: set the deleted fnhe fnhe_daddr to 0 in\n ip_del_fnhe to fix a race (networking-stable-19_03_15).\n\n - rt2x00: do not increment sequence number while\n re-transmitting (bsc#1051510).\n\n - rtlwifi: rtl8723ae: Fix missing break in switch\n statement (bsc#1051510).\n\n - rxrpc: Do not release call mutex on error pointer\n (git-fixes).\n\n - rxrpc: Do not treat call aborts as conn aborts\n (git-fixes).\n\n - rxrpc: Fix client call queueing, waiting for channel\n (networking-stable-19_03_15).\n\n - rxrpc: Fix Tx ring annotation after initial Tx failure\n (git-fixes).\n\n - s390/dasd: fix panic for failed online processing\n (bsc#1132589).\n\n - s390/pkey: move pckmo subfunction available checks away\n from module init (bsc#1128544).\n\n - s390/speculation: Support 'mitigations=' cmdline option\n (bsc#1112178).\n\n - sc16is7xx: missing unregister/delete driver on error in\n sc16is7xx_init() (bsc#1051510).\n\n - sc16is7xx: move label 'err_spi' to correct section\n (bsc#1051510).\n\n - sc16is7xx: put err_spi and err_i2c into correct #ifdef\n (bsc#1051510).\n\n - scripts: override locale from environment when running\n recordmcount.pl (bsc#1134354).\n\n - scsi: libsas: allocate sense buffer for bsg queue\n (bsc#1131467).\n\n - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable\n FC-NVMe feature (bsc#1130579).\n\n - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show\n (bsc#1132044).\n\n - sctp: call gso_reset_checksum when computing checksum in\n sctp_gso_segment (networking-stable-19_02_24).\n\n - sctp: only update outstanding_bytes for transmitted\n queue when doing prsctp_prune (git-fixes).\n\n - sctp: set frag_point in sctp_setsockopt_maxseg\n correctly` (git-fixes).\n\n - selinux: use kernel linux/socket.h for genheaders and\n mdp (bsc#1134810).\n\n - serial: 8250_pxa: honor the port number from devicetree\n (bsc#1051510).\n\n - serial: ar933x_uart: Fix build failure with disabled\n console (bsc#1051510).\n\n - serial: max310x: Fix to avoid potential NULL pointer\n dereference (bsc#1051510).\n\n - serial: sh-sci: Fix setting SCSCR_TIE while transferring\n data (bsc#1051510).\n\n - serial: uartps: console_setup() can't be placed to init\n section (bsc#1051510).\n\n - sit: check if IPv6 enabled before calling\n ip6_err_gen_icmpv6_unreach()\n (networking-stable-19_02_24).\n\n - SoC: imx-sgtl5000: add missing put_device()\n (bsc#1051510).\n\n - soc: qcom: gsbi: Fix error handling in gsbi_probe()\n (bsc#1051510).\n\n - soc/tegra: fuse: Fix illegal free of IO base address\n (bsc#1051510).\n\n - soc/tegra: pmc: Drop locking from\n tegra_powergate_is_powered() (bsc#1051510).\n\n - spi: a3700: Clear DATA_OUT when performing a read\n (bsc#1051510).\n\n - spi: bcm2835aux: fix driver to not allow 65535 (=-1)\n cs-gpios (bsc#1051510).\n\n - spi: bcm2835aux: setup gpio-cs to output and correct\n level during setup (bsc#1051510).\n\n - spi: bcm2835aux: warn in dmesg that native cs is not\n really supported (bsc#1051510).\n\n - spi: rspi: Fix sequencer reset during initialization\n (bsc#1051510).\n\n - ssb: Fix possible NULL pointer dereference in\n ssb_host_pcmcia_exit (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix use of uninitialized\n mutex (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix use of uninitialized\n semaphore (bsc#1051510).\n\n - staging: iio: ad7192: Fix ad7193 channel address\n (bsc#1051510).\n\n - staging: rtl8188eu: Fix potential NULL pointer\n dereference of kcalloc (bsc#1051510).\n\n - staging: rtl8712: uninitialized memory in\n read_bbreg_hdl() (bsc#1051510).\n\n - staging: vt6655: Fix interrupt race condition on device\n start up (bsc#1051510).\n\n - staging: vt6655: Remove vif check from vnt_interrupt\n (bsc#1051510).\n\n - stm class: Fix an endless loop in channel allocation\n (bsc#1051510).\n\n - stm class: Fix channel free in stm output free path\n (bsc#1051510).\n\n - stm class: Prevent division by zero (bsc#1051510).\n\n - sunrpc/cache: handle missing listeners better\n (bsc#1126221).\n\n - sunrpc: fix 4 more call sites that were using stack\n memory with a scatterlist (git-fixes).\n\n - supported.conf: Add openvswitch to kernel-default-base\n (bsc#1124839).\n\n - supported.conf: Add vxlan to kernel-default-base\n (bsc#1132083).\n\n - supported.conf: dw_mmc-bluefield is not needed in\n kernel-default-base (bsc#1131574).\n\n - svm/avic: Fix invalidate logical APIC id entry\n (bsc#1132726).\n\n - svm: Fix AVIC DFR and LDR handling (bsc#1132558).\n\n - sysctl: handle overflow for file-max (bsc#1051510).\n\n - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).\n\n - tcp: tcp_v4_err() should be more careful\n (networking-stable-19_02_20).\n\n - thermal/int340x_thermal: Add additional UUIDs\n (bsc#1051510).\n\n - thermal/int340x_thermal: fix mode setting (bsc#1051510).\n\n - tipc: fix race condition causing hung sendto\n (networking-stable-19_03_07).\n\n - tpm: Fix the type of the return value in\n calc_tpm2_event_size() (bsc#1082555).\n\n - tracing: Fix a memory leak by early error exit in\n trace_pid_write() (bsc#1133702).\n\n - tracing: Fix buffer_ref pipe ops (bsc#1133698).\n\n - tracing/hrtimer: Fix tracing bugs by taking all clock\n bases and modes into account (bsc#1132527).\n\n - tty: atmel_serial: fix a potential NULL pointer\n dereference (bsc#1051510).\n\n - tty: increase the default flip buffer limit to 2*640K\n (bsc#1051510).\n\n - tty: pty: Fix race condition between release_one_tty and\n pty_write (bsc#1051510).\n\n - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if\n blankinterval == 0 (bsc#1051510).\n\n - tun: fix blocking read (networking-stable-19_03_07).\n\n - tun: remove unnecessary memory barrier\n (networking-stable-19_03_07).\n\n - UAS: fix alignment of scatter/gather segments\n (bsc#1129770).\n\n - udf: Fix crash on IO error during truncate\n (bsc#1131175).\n\n - usb: cdc-acm: fix unthrottle races (bsc#1051510).\n\n - usb: chipidea: Grab the (legacy) USB PHY by phandle\n first (bsc#1051510).\n\n - usb: core: Fix bug caused by duplicate interface PM\n usage counter (bsc#1051510).\n\n - usb: core: Fix unterminated string returned by\n usb_string() (bsc#1051510).\n\n - usb: dwc3: Fix default lpm_nyet_threshold value\n (bsc#1051510).\n\n - usb: f_fs: Avoid crash due to out-of-scope stack ptr\n access (bsc#1051510).\n\n - usb: gadget: net2272: Fix net2272_dequeue()\n (bsc#1051510).\n\n - usb: gadget: net2280: Fix net2280_dequeue()\n (bsc#1051510).\n\n - usb: gadget: net2280: Fix overrun of OUT messages\n (bsc#1051510).\n\n - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk\n (bsc#1051510).\n\n - usb: mtu3: fix EXTCON dependency (bsc#1051510).\n\n - usb: serial: cp210x: add new device id (bsc#1051510).\n\n - usb: serial: cp210x: fix GPIO in autosuspend\n (bsc#1120902).\n\n - usb: serial: f81232: fix interrupt worker not stop\n (bsc#1051510).\n\n - usb: serial: fix unthrottle races (bsc#1051510).\n\n - usb: serial: ftdi_sio: add additional NovaTech products\n (bsc#1051510).\n\n - usb: serial: option: add Olicard 600 (bsc#1051510).\n\n - usb: serial: option: add support for Quectel EM12\n (bsc#1051510).\n\n - usb-storage: Set virt_boundary_mask to avoid SG\n overflows (bsc#1051510).\n\n - usb: u132-hcd: fix resource leak (bsc#1051510).\n\n - usb: usb251xb: fix to avoid potential NULL pointer\n dereference (bsc#1051510).\n\n - usb: usbip: fix isoc packet num validation in get_pipe\n (bsc#1051510).\n\n - usb: w1 ds2490: Fix bug caused by improper use of\n altsetting array (bsc#1051510).\n\n - usb: yurex: Fix protection fault after device removal\n (bsc#1051510).\n\n - vfio/mdev: Avoid release parent reference during error\n path (bsc#1051510).\n\n - vfio/mdev: Fix aborting mdev child device removal if one\n fails (bsc#1051510).\n\n - vfio_pci: Enable memory accesses before calling\n pci_map_rom (bsc#1051510).\n\n - vfio/pci: use correct format characters (bsc#1051510).\n\n - vfs: allow dedupe of user owned read-only files\n (bsc#1133778, bsc#1132219).\n\n - vfs: avoid problematic remapping requests into partial\n EOF block (bsc#1133850, bsc#1132219).\n\n - vfs: dedupe: extract helper for a single dedup\n (bsc#1133769, bsc#1132219).\n\n - vfs: dedupe should return EPERM if permission is not\n granted (bsc#1133779, bsc#1132219).\n\n - vfs: exit early from zero length remap operations\n (bsc#1132411, bsc#1132219).\n\n - vfs: export vfs_dedupe_file_range_one() to modules\n (bsc#1133772, bsc#1132219).\n\n - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).\n\n - vfs: rename clone_verify_area to remap_verify_area\n (bsc#1133852, bsc#1132219).\n\n - vfs: skip zero-length dedupe requests (bsc#1133851,\n bsc#1132219).\n\n - vfs: swap names of (do,vfs)_clone_file_range()\n (bsc#1133774, bsc#1132219).\n\n - vfs: vfs_clone_file_prep_inodes should return EINVAL for\n a clone from beyond EOF (bsc#1133780, bsc#1132219).\n\n - vhost/vsock: fix reset orphans race with close timeout\n (bsc#1051510).\n\n - video: fbdev: Set pixclock = 0 in goldfishfb\n (bsc#1051510).\n\n - virtio-blk: limit number of hw queues by nr_cpu_ids\n (bsc#1051510).\n\n - virtio: Honour 'may_reduce_num' in\n vring_create_virtqueue (bsc#1051510).\n\n - virtio_pci: fix a NULL pointer reference in vp_del_vqs\n (bsc#1051510).\n\n - vsock/virtio: fix kernel panic after device hot-unplug\n (bsc#1051510).\n\n - vsock/virtio: fix kernel panic from\n virtio_transport_reset_no_sock (bsc#1051510).\n\n - vsock/virtio: reset connected sockets on device removal\n (bsc#1051510).\n\n - vxlan: test dev->flags & IFF_UP before calling\n netif_rx() (networking-stable-19_02_20).\n\n - wil6210: check NULL pointer in\n _wil_cfg80211_merge_extra_ies (bsc#1051510).\n\n - wlcore: Fix memory leak in case wl12xx_fetch_firmware\n failure (bsc#1051510).\n\n - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).\n\n - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests\n (bsc#1111331).\n\n - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU\n init (bsc#1132572).\n\n - x86/kvm/vmx: Add MDS protection when L1D Flush is not\n active (bsc#1111331).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions\n for some SMCA bank types (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP,\n and SMU units (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE\n SMCA bank types (bsc#1128415).\n\n - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank\n type (bsc#1128415).\n\n - x86/mce/AMD: Pass the bank number to\n smca_get_bank_type() (bsc#1128415).\n\n - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).\n\n - x86/mce: Handle varying MCA bank counts (bsc#1128415).\n\n - x86/msr-index: Cleanup bit defines (bsc#1111331).\n\n - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub\n (bsc#1120318).\n\n - x86/speculation: Consolidate CPU whitelists\n (bsc#1111331).\n\n - x86/speculation/mds: Add basic bug infrastructure for\n MDS (bsc#1111331).\n\n - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).\n\n - x86/speculation/mds: Add mds_clear_cpu_buffers()\n (bsc#1111331).\n\n - x86/speculation/mds: Add mds=full,nosmt cmdline option\n (bsc#1111331).\n\n - x86/speculation/mds: Add mitigation control for MDS\n (bsc#1111331).\n\n - x86/speculation/mds: Add mitigation mode VMWERV\n (bsc#1111331).\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS\n (bsc#1111331).\n\n - x86/speculation/mds: Add SMT warning message\n (bsc#1111331).\n\n - x86/speculation/mds: Add sysfs reporting for MDS\n (bsc#1111331).\n\n - x86/speculation/mds: Clear CPU buffers on exit to user\n (bsc#1111331).\n\n - x86/speculation/mds: Conditionally clear CPU buffers on\n idle entry (bsc#1111331).\n\n - x86/speculation/mds: Print SMT vulnerable on MSBDS with\n mitigations off (bsc#1111331).\n\n - x86/speculation: Move arch_smt_update() call to after\n mitigation decisions (bsc#1111331).\n\n - x86/speculation: Prevent deadlock on ssb_state::lock\n (bsc#1114279).\n\n - x86/speculation: Simplify the CPU bug detection logic\n (bsc#1111331).\n\n - x86/speculation: Support 'mitigations=' cmdline option\n (bsc#1112178).\n\n - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).\n\n - xen-netback: do not populate the hash cache on XenBus\n disconnect (networking-stable-19_03_07).\n\n - xen-netback: fix occasional leak of grant ref mappings\n under memory pressure (networking-stable-19_03_07).\n\n - xen: Prevent buffer overflow in privcmd ioctl\n (bsc#1065600).\n\n - xfrm: do not call rcu_read_unlock when afinfo is NULL in\n xfrm_get_tos (git-fixes).\n\n - xfrm: Fix ESN sequence number handling for IPsec GSO\n packets (git-fixes).\n\n - xfrm: fix rcu_read_unlock usage in xfrm_local_error\n (git-fixes).\n\n - xfrm: Fix stack-out-of-bounds read on socket policy\n lookup (git-fixes).\n\n - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)\n (git-fixes).\n\n - xfrm: Return error on unknown encap_type in init_state\n (git-fixes).\n\n - xfs: add the ability to join a held buffer to a\n defer_ops (bsc#1133674).\n\n - xfs: allow xfs_lock_two_inodes to take different\n EXCL/SHARED modes (bsc#1132370, bsc#1132219).\n\n - xfs: call xfs_qm_dqattach before performing reflink\n operations (bsc#1132368, bsc#1132219).\n\n - xfs: cap the length of deduplication requests\n (bsc#1132373, bsc#1132219).\n\n - xfs: clean up xfs_reflink_remap_blocks call site\n (bsc#1132413, bsc#1132219).\n\n - xfs: detect and fix bad summary counts at mount\n (bsc#1114427).\n\n - xfs: fix data corruption w/ unaligned dedupe ranges\n (bsc#1132405, bsc#1132219).\n\n - xfs: fix data corruption w/ unaligned reflink ranges\n (bsc#1132407, bsc#1132219).\n\n - xfs: fix pagecache truncation prior to reflink\n (bsc#1132412, bsc#1132219).\n\n - xfs: fix reporting supported extra file attributes for\n statx() (bsc#1133529).\n\n - xfs: flush removing page cache in xfs_reflink_remap_prep\n (bsc#1132414, bsc#1132219).\n\n - xfs: hold xfs_buf locked between shortform->leaf\n conversion and the addition of an attribute\n (bsc#1133675).\n\n - xfs: kill meaningless variable 'zero' (bsc#1106011).\n\n - xfs: only grab shared inode locks for source file during\n reflink (bsc#1132372, bsc#1132219).\n\n - xfs: prepare xfs_break_layouts() for another layout type\n (bsc#1106011).\n\n - xfs: prepare xfs_break_layouts() to be called with\n XFS_MMAPLOCK_EXCL (bsc#1106011).\n\n - xfs: refactor clonerange preparation into a separate\n helper (bsc#1132402, bsc#1132219).\n\n - xfs: refactor xfs_trans_roll (bsc#1133667).\n\n - xfs: reflink find shared should take a transaction\n (bsc#1132226, bsc#1132219).\n\n - xfs: reflink should break pnfs leases before sharing\n blocks (bsc#1132369, bsc#1132219).\n\n - xfs: remove dest file's post-eof preallocations before\n reflinking (bsc#1132365, bsc#1132219).\n\n - xfs: remove the ip argument to xfs_defer_finish\n (bsc#1133672).\n\n - xfs: remove xfs_zero_range (bsc#1106011).\n\n - xfs: rename xfs_defer_join to xfs_defer_ijoin\n (bsc#1133668).\n\n - xfs: update ctime and remove suid before cloning files\n (bsc#1132404, bsc#1132219).\n\n - xfs: zero posteof blocks when cloning above eof\n (bsc#1132403, bsc#1132219).\n\n - xhci: Do not let USB3 ports stuck in polling state\n prevent suspend (bsc#1051510).\n\n - xhci: Fix port resume done detection for SS ports with\n LPM enabled (bsc#1051510).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/support/kb/doc/?id=7023736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/16\");\n script_set_a