The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3207-2 advisory. It fixes vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS and provides corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Ubuntu: Security Advisory (USN-3206-1) | 22 Feb 201700:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3207-1) | 22 Feb 201700:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1089) | 23 Jan 202000:00 | – | openvas |
OpenVAS | CentOS Update for kernel CESA-2017:0293 centos6 | 23 Feb 201700:00 | – | openvas |
OpenVAS | Fedora Update for kernel FEDORA-2017-f519ebb3c4 | 2 Mar 201700:00 | – | openvas |
OpenVAS | CentOS Update for kernel CESA-2017:0386_01 centos7 | 7 Mar 201700:00 | – | openvas |
OpenVAS | RedHat Update for kernel RHSA-2017:0294-01 | 3 Mar 201700:00 | – | openvas |
OpenVAS | RedHat Update for kernel RHSA-2017:0293-01 | 3 Mar 201700:00 | – | openvas |
OpenVAS | Fedora Update for kernel FEDORA-2017-4b9f61c68d | 2 Mar 201700:00 | – | openvas |
OpenVAS | CentOS Update for kernel CESA-2017:0294 centos7 | 23 Feb 201700:00 | – | openvas |
Source | Link |
---|---|
ubuntu | www.ubuntu.com/security/notices/USN-3207-2 |
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.843065");
script_cve_id("CVE-2016-7910", "CVE-2016-7911", "CVE-2017-6074");
script_tag(name:"creation_date", value:"2017-02-22 14:15:06 +0000 (Wed, 22 Feb 2017)");
script_version("2024-02-02T05:06:06+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:06 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-02-10 00:53:37 +0000 (Fri, 10 Feb 2023)");
script_name("Ubuntu: Security Advisory (USN-3207-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU12\.04\ LTS");
script_xref(name:"Advisory-ID", value:"USN-3207-2");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-3207-2");
script_tag(name:"summary", value:"The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3207-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.
It was discovered that a use-after-free vulnerability existed in the block
device layer of the Linux kernel. A local attacker could use this to cause
a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2016-7910)
Dmitry Vyukov discovered a use-after-free vulnerability in the
sys_ioprio_get() function in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2016-7911)
Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)");
script_tag(name:"affected", value:"'linux-lts-trusty' package(s) on Ubuntu 12.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"linux-image-3.13.0-110-generic", ver:"3.13.0-110.157~precise1", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"linux-image-3.13.0-110-generic-lpae", ver:"3.13.0-110.157~precise1", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"linux-image-generic-lpae-lts-trusty", ver:"3.13.0.110.101", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"linux-image-generic-lts-trusty", ver:"3.13.0.110.101", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo