ID OPENVAS:1361412562310843228 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Ubuntu Update for linux USN-3344-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.843228");
script_version("$Revision: 14140 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2017-06-30 05:12:37 +0200 (Fri, 30 Jun 2017)");
script_cve_id("CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074",
"CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"qod_type", value:"package");
script_name("Ubuntu Update for linux USN-3344-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'linux'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"USN 3328-1 fixed a vulnerability in the
Linux kernel. However, that fix introduced regressions for some Java
applications. This update addresses the issue. We apologize for the
inconvenience. Roee Hay discovered that the parallel port printer driver in the
Linux kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to execute
arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the
Linux kernel ipx protocol stack. A local attacker could exploit this flaw to
cause a denial of service or possibly other unspecified problems.
(CVE-2017-7487) It was discovered that a double-free vulnerability existed in
the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial
of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6
out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker
could cause a denial of service or potentially other unspecified problems.
(CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of
inheritance in the Linux kernel's IPv6 stack. A local user could exploit this
issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled
inheritance. A local attacker could exploit this issue to cause a denial of
service or potentially other unspecified problems. (CVE-2017-9076) It was
discovered that the transmission control protocol (tcp) v6 in the Linux kernel
mishandled inheritance. A local attacker could exploit this issue to cause a
denial of service or potentially other unspecified problems. (CVE-2017-9077) It
was discovered that the IPv6 stack in the Linux kernel was performing its over
write consistency check after the data was actually overwritten. A local
attacker could exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242)");
script_tag(name:"affected", value:"linux on Ubuntu 16.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"USN", value:"3344-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3344-1/");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU16\.04 LTS");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU16.04 LTS")
{
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-1018-gke", ver:"4.4.0-1018.18", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-1022-aws", ver:"4.4.0-1022.31", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-1061-raspi2", ver:"4.4.0-1061.69", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-1063-snapdragon", ver:"4.4.0-1063.68", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-generic", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-generic-lpae", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-lowlatency", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-powerpc-e500mc", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-powerpc-smp", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-powerpc64-emb", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-4.4.0-83-powerpc64-smp", ver:"4.4.0-83.106", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-aws", ver:"4.4.0.1022.25", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-generic", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-generic-lpae", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-gke", ver:"4.4.0.1018.20", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-lowlatency", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-powerpc-e500mc", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-powerpc-smp", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-powerpc64-emb", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-powerpc64-smp", ver:"4.4.0.83.89", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-raspi2", ver:"4.4.0.1061.62", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"linux-image-snapdragon", ver:"4.4.0.1063.56", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310843228", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for linux USN-3344-1", "description": "The remote host is missing an update for the ", "published": "2017-06-30T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843228", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-3344-1/", "3344-1"], "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "lastseen": "2019-05-29T18:34:22", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "virtuozzo", "idList": ["VZA-2017-043", "VZA-2017-045", "VZA-2017-046", "VZA-2017-047", "VZA-2017-044", "VZA-2017-042"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3344-1.NASL", "UBUNTU_USN-3334-1.NASL", "UBUNTU_USN-3330-1.NASL", "PHOTONOS_PHSA-2017-0019.NASL", "UBUNTU_USN-3328-1.NASL", "UBUNTU_USN-3331-1.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3329-1.NASL", "UBUNTU_USN-3344-2.NASL", "UBUNTU_USN-3332-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-3344-1", "USN-3344-2", "USN-3342-2", "USN-3345-1", "USN-3343-1", "USN-3343-2", "USN-3342-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843215", "OPENVAS:1361412562310843209", "OPENVAS:1361412562310843216", "OPENVAS:1361412562310843231", "OPENVAS:1361412562310843222", "OPENVAS:1361412562310843213", "OPENVAS:1361412562310872761", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843217", "OPENVAS:1361412562310872729"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:CAC337307F043175ACEEE3B0FD0416FF", "CFOUNDRY:5EEA2226D4FCA4D50B918305E55569E8"]}, {"type": "f5", "idList": ["F5:K61223103", "F5:K02236463", "F5:K02613439", "F5:K61429540", "F5:K54170502"]}, {"type": "cve", "idList": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-9077", "CVE-2017-9076", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-8890", "CVE-2017-9242"]}, {"type": "fedora", "idList": ["FEDORA:B704D609623F", "FEDORA:464D56087B08", "FEDORA:F02346079D15", "FEDORA:8C2C4605E539"]}, {"type": "amazon", "idList": ["ALAS-2017-846"]}, {"type": "android", "idList": ["ANDROID:CVE-2017-8890"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:1513-1"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787113", "MYHACK58:62201787108"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170802-01-LINUX"]}, {"type": "seebug", "idList": ["SSV:93207"]}, {"type": "debian", "idList": ["DEBIAN:DLA-993-1:71AF5"]}], "modified": "2019-05-29T18:34:22", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-05-29T18:34:22", "rev": 2}, "vulnersScore": 7.5}, "pluginID": "1361412562310843228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3344-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843228\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:12:37 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3344-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN 3328-1 fixed a vulnerability in the\n Linux kernel. However, that fix introduced regressions for some Java\n applications. This update addresses the issue. We apologize for the\n inconvenience. Roee Hay discovered that the parallel port printer driver in the\n Linux kernel did not properly bounds check passed arguments. A local attacker\n with write access to the kernel command line arguments could use this to execute\n arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the\n Linux kernel ipx protocol stack. A local attacker could exploit this flaw to\n cause a denial of service or possibly other unspecified problems.\n (CVE-2017-7487) It was discovered that a double-free vulnerability existed in\n the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial\n of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack in the Linux kernel was performing its over\n write consistency check after the data was actually overwritten. A local\n attacker could exploit this flaw to cause a denial of service (system crash).\n (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3344-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3344-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1018-gke\", ver:\"4.4.0-1018.18\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1022-aws\", ver:\"4.4.0-1022.31\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1061-raspi2\", ver:\"4.4.0-1061.69\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1063-snapdragon\", ver:\"4.4.0-1063.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-generic\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-generic-lpae\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-lowlatency\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc-e500mc\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc-smp\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc64-emb\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc64-smp\", ver:\"4.4.0-83.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1022.25\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1018.20\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.83.89\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1061.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1063.56\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"virtuozzo": [{"lastseen": "2019-11-05T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes and a bug fix. The patch applies to Virtuozzo kernel 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4).\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n", "edition": 1, "modified": "2017-06-02T00:00:00", "published": "2017-06-02T00:00:00", "id": "VZA-2017-045", "href": "https://help.virtuozzo.com/customer/portal/articles/2816867", "title": "Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.4", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:46", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3).\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n", "edition": 1, "modified": "2017-06-02T00:00:00", "published": "2017-06-02T00:00:00", "id": "VZA-2017-044", "href": "https://help.virtuozzo.com/customer/portal/articles/2816866", "title": "Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.3", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "This update provides a new kernel 2.6.32-042stab123.4 for Virtuozzo 6.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes as well as stability bug fixes.\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** PSBM-59962\nImproved isolation for neighbor table settings. (The fix added to the 042stab120.19 kernel was incomplete.)\n\n", "edition": 1, "modified": "2017-06-13T00:00:00", "published": "2017-06-13T00:00:00", "id": "VZA-2017-047", "href": "https://help.virtuozzo.com/customer/portal/articles/2822597", "title": "Kernel security update: CVE-2017-9077 and other; new kernel 2.6.32-042stab123.4, Virtuozzo 6.0 Update 12 Hotfix 10 (6.0.12-3677)", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:46", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "This update provides a new kernel 2.6.32-042stab123.4 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes as well as stability bug fixes.\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** PSBM-59962\nImproved isolation for neighbor table settings. (The fix added to the 042stab120.19 kernel was incomplete.)\n\n", "edition": 1, "modified": "2017-06-13T00:00:00", "published": "2017-06-13T00:00:00", "id": "VZA-2017-046", "href": "https://help.virtuozzo.com/customer/portal/articles/2822595", "title": "Kernel security update: CVE-2017-9077 and other; new kernel 2.6.32-042stab123.4 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2016-8646", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1).\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2016-8646\nA vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.\n\n", "edition": 1, "modified": "2017-06-02T00:00:00", "published": "2017-06-02T00:00:00", "id": "VZA-2017-043", "href": "https://help.virtuozzo.com/customer/portal/articles/2816865", "title": "Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.1", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7895", "CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9075", "CVE-2016-8646", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0).\n**Vulnerability id:** CVE-2017-7645\nThe NFS2/3 RPC client could send long arguments to nfsd server. These encoded arguments are stored in an array of memory pages, and accessed via various pointer variables. Arbitrarily long arguments could make these pointers point outside the array, thus causing out-of-bounds memory access. A remote user/program could use this flaw to crash the kernel resulting in DoS.\n\n**Vulnerability id:** CVE-2017-7895\nThe NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n\n**Vulnerability id:** CVE-2017-9077\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9076\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9075\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-9074\nThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n**Vulnerability id:** CVE-2017-8890\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2016-8646\nA vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.\n\n**Vulnerability id:** PSBM-65826\nIf the sctp module was loaded on the host, a privileged user inside a container could cause a kernel crash by triggering a NULL pointer dererefence in the sctp_endpoint_destroy() function with a specially crafted sequence of system calls.\n\n**Vulnerability id:** PSBM-65345\nA privileged user inside a container could cause a kernel crash by triggering a BUG_ON in the unregister_netdevice_many() function with a specially crafted sequence of system calls.\n\n", "edition": 1, "modified": "2017-06-02T00:00:00", "published": "2017-06-02T00:00:00", "id": "VZA-2017-042", "href": "https://help.virtuozzo.com/customer/portal/articles/2816864", "title": "Important kernel security update: CVE-2017-7645 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.0", "type": "virtuozzo", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "software", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. ([CVE-2017-1000363](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000363>))\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. ([CVE-2017-7487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7487>))\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). ([CVE-2017-8890](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8890>))\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel\u2019s IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. ([CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>))\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel\u2019s IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. ([CVE-2017-9075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9075>))\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. ([CVE-2017-9076](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9076>))\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. ([CVE-2017-9077](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9077>))\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). ([CVE-2017-9242](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9242>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.3\n * 3363.x versions prior to 3363.27\n * 3421.x versions prior to 3421.11\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions prior to 3312.3\n * Upgrade 3363.x versions prior to 3363.27\n * Upgrade 3421.x versions prior to 3421.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3344-2](<http://www.ubuntu.com/usn/usn-3344-2/>)\n * [CVE-2017-1000363](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000363>)\n * [CVE-2017-7487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7487>)\n * [CVE-2017-8890](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8890>)\n * [CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>)\n * [CVE-2017-9075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9075>)\n * [CVE-2017-9076](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9076>)\n * [CVE-2017-9077](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9077>)\n * [CVE-2017-9242](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9242>)\n", "edition": 6, "modified": "2017-07-05T00:00:00", "published": "2017-07-05T00:00:00", "id": "CFOUNDRY:5EEA2226D4FCA4D50B918305E55569E8", "href": "https://www.cloudfoundry.org/blog/usn-3344-2/", "title": "USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:43", "bulletinFamily": "software", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges ([CVE-2017-1000364](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000364>))\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. ([CVE-2017-1000363](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000363>))\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. ([CVE-2017-7487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7487>))\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). ([CVE-2017-8890](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8890>))\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel\u2019s IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. ([CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>))\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel\u2019s IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. ([CVE-2017-9075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9075>))\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. ([CVE-2017-9076](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9076>))\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. ([CVE-2017-9077](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9077>))\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). ([CVE-2017-9242](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9242>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3263.x versions prior to 3263.28\n * 3312.x versions prior to 3312.29\n * 3363.x versions prior to 3363.26\n * 3421.x versions prior to 3421.9\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3263.x versions prior to 3263.28\n * Upgrade 3312.x versions prior to 3312.29\n * Upgrade 3363.x versions prior to 3363.26\n * Upgrade 3421.x versions prior to 3421.9\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3334-1](<http://www.ubuntu.com/usn/usn-3334-1/>)\n * [CVE-2017-1000364](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000364>)\n * [CVE-2017-1000363](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000363>)\n * [CVE-2017-7487](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7487>)\n * [CVE-2017-8890](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8890>)\n * [CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>)\n * [CVE-2017-9075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9075>)\n * [CVE-2017-9076](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9076>)\n * [CVE-2017-9077](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9077>)\n * [CVE-2017-9242](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9242>)\n", "edition": 6, "modified": "2017-06-21T00:00:00", "published": "2017-06-21T00:00:00", "id": "CFOUNDRY:CAC337307F043175ACEEE3B0FD0416FF", "href": "https://www.cloudfoundry.org/blog/usn-3334-1/", "title": "USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN 3328-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol \nstack. A local attacker could exploit this flaw to cause a denial of \nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 7, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3344-1", "href": "https://ubuntu.com/security/notices/USN-3344-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol \nstack. A local attacker could exploit this flaw to cause a denial of \nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 6, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3344-2", "href": "https://ubuntu.com/security/notices/USN-3344-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:23:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN 3324-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output \nof the print_bpf_insn function. A local attacker could use this to obtain \nsensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 7, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3345-1", "href": "https://ubuntu.com/security/notices/USN-3345-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2014-9940", "CVE-2017-0605", "CVE-2017-9075", "CVE-2017-7294", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN 3335-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage \nregulator driver of the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2014-9940)\n\nIt was discovered that a buffer overflow existed in the trace subsystem in \nthe Linux kernel. A privileged local attacker could use this to execute \narbitrary code. (CVE-2017-0605)\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 6, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3343-1", "href": "https://ubuntu.com/security/notices/USN-3343-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5577", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN 3326-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel \ndid not return an error after detecting certain overflows. A local attacker \ncould exploit this issue to cause a denial of service (OOPS). \n(CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 7, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3342-1", "href": "https://ubuntu.com/security/notices/USN-3342-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2014-9940", "CVE-2017-0605", "CVE-2017-9075", "CVE-2017-7294", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage \nregulator driver of the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2014-9940)\n\nIt was discovered that a buffer overflow existed in the trace subsystem in \nthe Linux kernel. A privileged local attacker could use this to execute \narbitrary code. (CVE-2017-0605)\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 7, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3343-2", "href": "https://ubuntu.com/security/notices/USN-3343-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5577", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nUSN-3333-1 fixed a vulnerability in the Linux kernel. However, that \nfix introduced regressions for some Java applications. This update \naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux \nkernel did not properly bounds check passed arguments. A local attacker \nwith write access to the kernel command line arguments could use this to \nexecute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel \ndid not return an error after detecting certain overflows. A local attacker \ncould exploit this issue to cause a denial of service (OOPS). \n(CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 \nstack of the Linux kernel. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the \nLinux kernel's IPv6 stack. A local user could exploit this issue to cause a \ndenial of service or possibly other unspecified problems. (CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. \nA local attacker could exploit this issue to cause a denial of service or \npotentially other unspecified problems. (CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the \nLinux kernel mishandled inheritance. A local attacker could exploit this \nissue to cause a denial of service or potentially other unspecified \nproblems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing \nits over write consistency check after the data was actually overwritten. A \nlocal attacker could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2017-9242)", "edition": 6, "modified": "2017-06-29T00:00:00", "published": "2017-06-29T00:00:00", "id": "USN-3342-2", "href": "https://ubuntu.com/security/notices/USN-3342-2", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-30T00:00:00", "id": "OPENVAS:1361412562310843231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843231", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3344-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3344-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843231\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:13:28 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\",\n \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3344-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3344-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However,\n that fix introduced regressions for some Java applications. This update\n addresses the issue. We apologize for the inconvenience. Roee Hay discovered\n that the parallel port printer driver in the Linux kernel did not properly\n bounds check passed arguments. A local attacker with write access to the kernel\n command line arguments could use this to execute arbitrary code.\n (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx\n protocol stack. A local attacker could exploit this flaw to cause a denial of\n service or possibly other unspecified problems. (CVE-2017-7487) It was\n discovered that a double-free vulnerability existed in the IPv4 stack of the\n Linux kernel. An attacker could use this to cause a denial of service (system\n crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read\n error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9074) Andrey\n Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's\n IPv6 stack. A local user could exploit this issue to cause a denial of service\n or possibly other unspecified problems. (CVE-2017-9075) It was discovered that\n dccp v6 in the Linux kernel mishandled inheritance. A local attacker could\n exploit this issue to cause a denial of service or potentially other unspecified\n problems. (CVE-2017-9076) It was discovered that the transmission control\n protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker\n could exploit this issue to cause a denial of service or potentially other\n unspecified problems. (CVE-2017-9077) It was discovered that the IPv6 stack in\n the Linux kernel was performing its over write consistency check after the data\n was actually overwritten. A local attacker could exploit this flaw to cause a\n denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3344-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3344-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-generic\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-generic-lpae\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-lowlatency\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc-e500mc\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc-smp\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc64-emb\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-83-powerpc64-smp\", ver:\"4.4.0-83.106~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.83.68\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843209", "type": "openvas", "title": "Ubuntu Update for linux USN-3328-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3328-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843209\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 06:58:38 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3328-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3328-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3328-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic-lpae\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-lowlatency\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-e500mc\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-smp\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-emb\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-smp\", ver:\"4.4.0-81.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-utopic\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-vivid\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-wily\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-xenial\", ver:\"4.4.0.81.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843217", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3332-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3332-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843217\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:01:28 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3332-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3332-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3332-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1059-raspi2\", ver:\"4.4.0-1059.67\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1059.60\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843216", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3331-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-aws USN-3331-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843216\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:47 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3331-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3331-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3331-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1020-aws\", ver:\"4.4.0-1020.29\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843215", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3334-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3334-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843215\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:28 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3334-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3334-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3334-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-generic-lpae\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-lowlatency\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-e500mc\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc-smp\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-emb\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-81-powerpc64-smp\", ver:\"4.4.0-81.104~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-lts-xenial\", ver:\"4.4.0.81.66\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843222", "type": "openvas", "title": "Ubuntu Update for linux-gke USN-3329-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-gke USN-3329-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843222\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:02:56 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gke USN-3329-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gke'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-gke on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3329-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3329-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1016-gke\", ver:\"4.4.0-1016.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-20T00:00:00", "id": "OPENVAS:1361412562310843213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843213", "type": "openvas", "title": "Ubuntu Update for linux-snapdragon USN-3330-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-snapdragon USN-3330-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843213\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-20 07:00:06 +0200 (Tue, 20 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\",\n \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\",\n \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-snapdragon USN-3330-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-snapdragon'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the stack guard page\n for processes in the Linux kernel was not sufficiently large enough to prevent\n overlapping with the heap. An attacker could leverage this with another\n vulnerability to execute arbitrary code and gain administrative privileges\n (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in\n the Linux kernel did not properly bounds check passed arguments. A local\n attacker with write access to the kernel command line arguments could use this\n to execute arbitrary code. (CVE-2017-1000363) A reference count bug was\n discovered in the Linux kernel ipx protocol stack. A local attacker could\n exploit this flaw to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of\n the Linux kernel. An attacker could use this to cause a denial of service\n (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6\n out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker\n could cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9074) Andrey Konovalov discovered a flaw in the handling of\n inheritance in the Linux kernel's IPv6 stack. A local user could exploit this\n issue to cause a denial of service or possibly other unspecified problems.\n (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel mishandled\n inheritance. A local attacker could exploit this issue to cause a denial of\n service or potentially other unspecified problems. (CVE-2017-9076) It was\n discovered that the transmission control protocol (tcp) v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9077) It\n was discovered that the IPv6 stack was doing over write consistency check after\n the data was actually overwritten. A local attacker could exploit this flaw to\n cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux-snapdragon on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3330-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3330-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1061-snapdragon\", ver:\"4.4.0-1061.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1061.54\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-30T00:00:00", "id": "OPENVAS:1361412562310843234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843234", "type": "openvas", "title": "Ubuntu Update for linux USN-3345-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3345-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843234\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:15:13 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\",\n \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3345-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN 3324-1 fixed a vulnerability in the\n Linux kernel. However, that fix introduced regressions for some Java\n applications. This update addresses the issue. We apologize for the\n inconvenience. Roee Hay discovered that the parallel port printer driver in the\n Linux kernel did not properly bounds check passed arguments. A local attacker\n with write access to the kernel command line arguments could use this to execute\n arbitrary code. (CVE-2017-1000363) It was discovered that a double-free\n vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could\n use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey\n Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6\n stack. A local attacker could cause a denial of service or potentially other\n unspecified problems. (CVE-2017-9074) Andrey Konovalov discovered a flaw in the\n handling of inheritance in the Linux kernel's IPv6 stack. A local user could\n exploit this issue to cause a denial of service or possibly other unspecified\n problems. (CVE-2017-9075) It was discovered that dccp v6 in the Linux kernel\n mishandled inheritance. A local attacker could exploit this issue to cause a\n denial of service or potentially other unspecified problems. (CVE-2017-9076) It\n was discovered that the transmission control protocol (tcp) v6 in the Linux\n kernel mishandled inheritance. A local attacker could exploit this issue to\n cause a denial of service or potentially other unspecified problems.\n (CVE-2017-9077) Jann Horn discovered that bpf in Linux kernel does not restrict\n the output of the print_bpf_insn function. A local attacker could use this to\n obtain sensitive address information. (CVE-2017-9150) It was discovered that the\n IPv6 stack in the Linux kernel was performing its over write consistency check\n after the data was actually overwritten. A local attacker could exploit this\n flaw to cause a denial of service (system crash). (CVE-2017-9242)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3345-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3345-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1010-raspi2\", ver:\"4.10.0-1010.13\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-26-generic\", ver:\"4.10.0-26.30\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-26-generic-lpae\", ver:\"4.10.0-26.30\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-26-lowlatency\", ver:\"4.10.0-26.30\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.26.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.26.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.26.28\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1010.12\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-02T00:00:00", "id": "OPENVAS:1361412562310872729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872729", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-6f06be3fe9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-6f06be3fe9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872729\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-02 07:03:01 +0200 (Fri, 02 Jun 2017)\");\n script_cve_id(\"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\", \"CVE-2017-9074\",\n \"CVE-2017-8890\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-6f06be3fe9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-6f06be3fe9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GN4PX5ETRQPJP63VP5LAWFVPRHWPGLBM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.11.3~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-14T00:00:00", "id": "OPENVAS:1361412562310872761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872761", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-6554692044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-6554692044\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872761\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 06:53:55 +0200 (Wed, 14 Jun 2017)\");\n script_cve_id(\"CVE-2017-9077\", \"CVE-2017-9076\", \"CVE-2017-9075\", \"CVE-2017-9074\",\n \"CVE-2017-8890\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-6554692044\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-6554692044\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UODZK3EP5PYYTVXAGMC26VIMRXBEFRQW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.11.4~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-03-01T07:32:54", "description": "USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-30T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3344-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101155);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:51", "description": "USN 3328-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-30T00:00:00", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-3344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101154);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 3328-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1018-gke\", pkgver:\"4.4.0-1018.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1022-aws\", pkgver:\"4.4.0-1022.31\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-raspi2\", pkgver:\"4.4.0-1061.69\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-snapdragon\", pkgver:\"4.4.0-1063.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1022.25\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1018.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1061.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1063.56\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:45", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3331-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3331-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100929);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3331-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3331-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-4.4-aws package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3331-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1020-aws\", pkgver:\"4.4.0-1020.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:47", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 34, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100932);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3334-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3334-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:46", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2"], "id": "UBUNTU_USN-3332-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3332-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100930);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3332-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3332-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.4-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3332-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1059-raspi2\", pkgver:\"4.4.0-1059.67\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1059.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:43", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 32, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke"], "id": "UBUNTU_USN-3329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100927);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3329-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3329-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-4.4-gke package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3329-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1016-gke\", pkgver:\"4.4.0-1016.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-gke\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:41", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3328-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3328-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100926);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3328-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3328-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3328-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:45", "description": "It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-20T00:00:00", "title": "Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon"], "id": "UBUNTU_USN-3330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3330-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100928);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3330-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3330-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.4-snapdragon and / or\nlinux-image-snapdragon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3330-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-snapdragon\", pkgver:\"4.4.0-1061.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1061.54\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-snapdragon / linux-image-snapdragon\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:32:54", "description": "USN 3324-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-30T00:00:00", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3345-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3345-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101156);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3345-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 3324-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3345-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3345-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1010-raspi2\", pkgver:\"4.10.0-1010.13\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic-lpae\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-lowlatency\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1010.12\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:13", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 36, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-05T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-044)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2017-06-05T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-044.NASL", "href": "https://www.tenable.com/plugins/nessus/100600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100600);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-044)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816866\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-20.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e718308f\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-20.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:40:34", "bulletinFamily": "software", "cvelist": ["CVE-2017-9076", "CVE-2017-8890"], "description": "\nF5 Product Development has assigned ID 726409 (BIG-IP), ID 726441 (BIG-IQ and F5 iWorkflow), and ID 726433 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H02613439 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.4 | 12.1.4.1 \n11.x | 11.6.1 - 11.6.3 \n11.2.1 - 11.5.8 | 11.6.4 \n11.5.9 \nARX | 6.x | None | Not applicable | Not vulnerable2 | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configuration.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict command line/Configuration utility access for affected systems to only Administrative users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K54170502: Linux kernel vulnerability CVE-2017-8890](<https://support.f5.com/csp/article/K54170502>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-16T00:00:00", "published": "2018-07-03T02:52:00", "id": "F5:K02613439", "href": "https://support.f5.com/csp/article/K02613439", "title": "Linux kernel vulnerability CVE-2017-9076", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-06T22:40:05", "bulletinFamily": "software", "cvelist": ["CVE-2017-9075", "CVE-2017-8890"], "description": "\nF5 Product Development has assigned ID 726409 (BIG-IP), ID 726441 (BIG-IQ/iWorkflow), ID 726433 (Enterprise Manager), and CPF-24925 and CPF-24926 (Traffix) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H02236463 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.4 | 12.1.4.1 \n11.x | 11.6.0 - 11.6.3 \n11.2.1 - 11.5.8 | 11.6.4 \n11.5.9 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict access for affected systems to only trusted users. For more information about implementing this on a BIG-IP system, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K54170502: Linux kernel vulnerability CVE-2017-8890](<https://support.f5.com/csp/article/K54170502>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-16T00:43:00", "published": "2018-07-03T01:03:00", "id": "F5:K02236463", "href": "https://support.f5.com/csp/article/K02236463", "title": "Linux kernel vulnerability CVE-2017-9075", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-06T22:40:08", "bulletinFamily": "software", "cvelist": ["CVE-2017-9077", "CVE-2017-8890"], "description": "\nF5 Product Development has assigned ID 726409 (BIG-IP), ID 726441 (BIG-IQ), ID 726433 (Enterprise Manager), and IDs CPF-24925 and CPF-24926 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H61429540 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n13.x | 13.0.0 - 13.1.1 | 13.1.1.2 \n12.x | 12.1.0 - 12.1.4 | 12.1.4.1 \n11.x | 11.2.1 - 11.6.3 | 11.6.4 \n11.5.9 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | Linux kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | Not applicable | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H>) | None \n4.x | 4.4.0 | Not applicable \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-16T00:20:00", "published": "2018-07-02T22:35:00", "id": "F5:K61429540", "href": "https://support.f5.com/csp/article/K61429540", "title": "Linux kernel vulnerability CVE-2017-9077", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2017-9074"], "description": "\nF5 Product Development has assigned ID 709256 (BIG-IP), ID 710329 (BIG-IQ), ID 710328 (Enterprise Manager), and ID 710329 (F5 iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61223103 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n13.x | 13.0.0 - 13.1.0 | 13.1.0.8 \n12.x | 12.1.0 - 12.1.3 | 12.1.3.3 \n11.x | 11.6.0 - 11.6.3 \n11.2.1 - 11.5.5 | 11.6.3.1 \n11.5.6 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nF5 iWorkflow | 2.x | 2.0.1 - 2.3.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n4.x | 4.0.5 - 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2020-01-24T21:19:00", "published": "2018-03-15T19:40:00", "id": "F5:K61223103", "href": "https://support.f5.com/csp/article/K61223103", "title": "Linux kernel vulnerability CVE-2017-9074", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-09-13T21:51:38", "bulletinFamily": "software", "cvelist": ["CVE-2017-8890"], "description": "\nF5 Product Development has assigned ID CPF-24107, CPF-24108, and CPF-24109 (Traffix SDC) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Medium| Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-18T00:13:00", "published": "2017-07-18T00:13:00", "id": "F5:K54170502", "href": "https://support.f5.com/csp/article/K54170502", "title": "Linux kernel vulnerability CVE-2017-8890", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:36:31", "description": "Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.", "edition": 19, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-17T13:18:00", "title": "CVE-2017-1000363", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/o:linux:linux_kernel:4.12", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-1000363", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000363", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.12:rc1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:50", "description": "The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-14T22:29:00", "title": "CVE-2017-7487", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7487"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.1"], "id": "CVE-2017-7487", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7487", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-19T07:29:00", "title": "CVE-2017-9076", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9076"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.1"], "id": "CVE-2017-9076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9076", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-19T07:29:00", "title": "CVE-2017-9074", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9074"], "modified": "2018-11-30T21:33:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.1"], "id": "CVE-2017-9074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9074", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-19T07:29:00", "title": "CVE-2017-9075", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9075"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.1"], "id": "CVE-2017-9075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9075", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-27T01:29:00", "title": "CVE-2017-9242", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9242"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.3"], "id": "CVE-2017-9242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9242", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-10T16:29:00", "title": "CVE-2017-8890", "type": "cve", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8890"], "modified": "2018-08-30T16:52:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:linux:linux_kernel:4.10.15", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-8890", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8890", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.10.15:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:51", "description": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-19T14:29:00", "title": "CVE-2017-9077", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9077"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.1"], "id": "CVE-2017-9077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9077", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.1:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "description": "The kernel meta package ", "modified": "2017-06-13T19:58:48", "published": "2017-06-13T19:58:48", "id": "FEDORA:464D56087B08", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.11.4-100.fc24", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "description": "The kernel meta package ", "modified": "2017-06-01T05:13:39", "published": "2017-06-01T05:13:39", "id": "FEDORA:F02346079D15", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.11.3-200.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "description": "The kernel meta package ", "modified": "2017-05-27T02:53:51", "published": "2017-05-27T02:53:51", "id": "FEDORA:8C2C4605E539", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.10.17-100.fc24", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "description": "The kernel meta package ", "modified": "2017-05-26T04:07:33", "published": "2017-05-26T04:07:33", "id": "FEDORA:B704D609623F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.10.17-200.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "**Issue Overview:**\n\nModule reference leak due to improper shut down of callback channel on umount: \nThe NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a \"module reference and kernel daemon\" leak. ([CVE-2017-9059 __](<https://access.redhat.com/security/cve/CVE-2017-9059>))\n\nIncorrect overwrite check in __ip6_append_data(): \nThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. ([CVE-2017-9242 __](<https://access.redhat.com/security/cve/CVE-2017-9242>))\n\nDouble free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c: \nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. ([CVE-2017-8890 __](<https://access.redhat.com/security/cve/CVE-2017-8890>))\n\nnet: tcp_v6_syn_recv_sock function mishandles inheritance: \nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to [CVE-2017-8890 __](<https://access.redhat.com/security/cve/CVE-2017-8890>). An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. ([CVE-2017-9077 __](<https://access.redhat.com/security/cve/CVE-2017-9077>))\n\nnet: IPv6 DCCP implementation mishandles inheritance \nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to [CVE-2017-8890 __](<https://access.redhat.com/security/cve/CVE-2017-8890>). An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. ([CVE-2017-9076 __](<https://access.redhat.com/security/cve/CVE-2017-9076>))\n\nnet: sctp_v6_create_accept_sk function mishandles inheritance: \nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to [CVE-2017-8890 __](<https://access.redhat.com/security/cve/CVE-2017-8890>). An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.([CVE-2017-9075 __](<https://access.redhat.com/security/cve/CVE-2017-9075>))\n\nnet: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option: \nThe IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. ([CVE-2017-9074 __](<https://access.redhat.com/security/cve/CVE-2017-9074>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-devel-4.9.32-15.41.amzn1.i686 \n kernel-debuginfo-4.9.32-15.41.amzn1.i686 \n kernel-tools-devel-4.9.32-15.41.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.32-15.41.amzn1.i686 \n kernel-tools-4.9.32-15.41.amzn1.i686 \n kernel-4.9.32-15.41.amzn1.i686 \n kernel-tools-debuginfo-4.9.32-15.41.amzn1.i686 \n perf-4.9.32-15.41.amzn1.i686 \n perf-debuginfo-4.9.32-15.41.amzn1.i686 \n kernel-headers-4.9.32-15.41.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.32-15.41.amzn1.noarch \n \n src: \n kernel-4.9.32-15.41.amzn1.src \n \n x86_64: \n kernel-tools-devel-4.9.32-15.41.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.32-15.41.amzn1.x86_64 \n kernel-headers-4.9.32-15.41.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.32-15.41.amzn1.x86_64 \n kernel-debuginfo-4.9.32-15.41.amzn1.x86_64 \n kernel-4.9.32-15.41.amzn1.x86_64 \n perf-debuginfo-4.9.32-15.41.amzn1.x86_64 \n kernel-devel-4.9.32-15.41.amzn1.x86_64 \n kernel-tools-4.9.32-15.41.amzn1.x86_64 \n perf-4.9.32-15.41.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-06-22T19:10:00", "published": "2017-06-22T19:10:00", "id": "ALAS-2017-846", "href": "https://alas.aws.amazon.com/ALAS-2017-846.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-06-08T20:14:12", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the\n Linux kernel did not make the allow_ptr_leaks value available for\n restricting the output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via crafted bpf\n system calls (bnc#1040279).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670)\n\n The following non-security bugs were fixed:\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal\n (bsc#1031717).\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68\n stable queue).\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2\n mode (4.4.68 stable queue).\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable\n queue).\n - asoc: rt5640: use msleep() for long delays (bsc#1031717).\n - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB\n numbering (bsc#989311)\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n - bna: avoid writing uninitialized data into hw registers (bsc#966321\n FATE#320156).\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412\n FATE#321671).\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable\n queue).\n - brcmfmac: Ensure pointer correctly set if skb data location changes\n (4.4.68 stable queue).\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n - btrfs: add dynamic debug support (bsc#1012452).\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n - btrfs: add missing check for writeback errors on fsync (bsc#1012452).\n - btrfs: add more validation checks for superblock (bsc#1012452).\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n - btrfs: add semaphore to synchronize direct IO writes with fsync\n (bsc#1012452).\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n - btrfs: add tracepoints for flush events (bsc#1012452).\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n - btrfs: always use trans-&gt;block_rsv for orphans (bsc#1012452).\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block\n (bsc#1012452).\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing\n delalloc space (bsc#1012452).\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined\n (bsc#1012452).\n - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction\n (bsc#1012452).\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup()\n (bsc#1012452).\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n - btrfs: check btree node's nritems (bsc#1012452).\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n - btrfs: clean the old superblocks before freeing the device (bsc#1012452).\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n - btrfs: clone: use vmalloc only as fallback for nodesize bufer\n (bsc#1012452).\n - btrfs: convert nodesize macros to static inlines (bsc#1012452).\n - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).\n - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).\n - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).\n - btrfs: copy_to_sk drop unused root parameter (bsc#1012452).\n - btrfs: create a helper function to read the disk super (bsc#1012452).\n - btrfs: create example debugfs file only in debugging build (bsc#1012452).\n - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: create helper function __check_raid_min_devices() (bsc#1012452).\n - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).\n - btrfs: divide btrfs_update_reserved_bytes() into two functions\n (bsc#1012452).\n - btrfs: do not background blkdev_put() (bsc#1012452).\n - btrfs: do not bother kicking async if there's nothing to reclaim\n (bsc#1012452).\n - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).\n - btrfs: do not create empty block group if we have allocated data\n (bsc#1012452).\n - btrfs: do not decrease bytes_may_use when replaying extents\n (bsc#1012452).\n - btrfs: do not do nocow check unless we have to (bsc#1012452).\n - btrfs: do not do unnecessary delalloc flushes when relocating\n (bsc#1012452).\n - btrfs: do not force mounts to wait for cleaner_kthread to delete one or\n more subvolumes (bsc#1012452).\n - btrfs: do not wait for unrelated IO to finish before relocation\n (bsc#1012452).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1035866).\n - btrfs: end transaction if we abort when creating uuid root (bsc#1012452).\n - btrfs: enhance btrfs_find_device_by_user_input() to check device path\n (bsc#1012452).\n - btrfs: error out if generic_bin_search get invalid arguments\n (bsc#1012452).\n - btrfs: expand cow_file_range() to support in-band dedup and\n subpage-blocksize (bsc#1012452).\n - btrfs: extend btrfs_set_extent_delalloc and its friends to support\n in-band dedupe and subpage size patchset (bsc#1012452).\n - btrfs: fill relocation block rsv after allocation (bsc#1012452).\n - btrfs: fix an integer overflow check (bsc#1012452).\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).\n - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).\n - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n - btrfs: fix crash when tracepoint arguments are freed by wq callbacks\n (bsc#1012452).\n - btrfs: fix data loss after truncate when using the no-holes feature\n (bsc#1036214).\n - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).\n - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).\n - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).\n - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).\n - btrfs: fix double free of fs root (bsc#1012452).\n - btrfs: fix eb memory leak due to readpage failure (bsc#1012452).\n - btrfs: fix em leak in find_first_block_group (bsc#1012452).\n - btrfs: fix emptiness check for dirtied extent buffers at check_leaf()\n (bsc#1012452).\n - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).\n - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).\n - btrfs: fix free space calculation in dump_space_info() (bsc#1012452).\n - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).\n - btrfs: fix fspath error deallocation (bsc#1012452).\n - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).\n - btrfs: Fix integer overflow when calculating bytes_per_bitmap\n (bsc#1012452).\n - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).\n - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex\n and uuid_mutex (bsc#1012452).\n - btrfs: fix lock dep warning move scratch super outside of chunk_mutex\n (bsc#1012452).\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).\n - btrfs: fix memory leak of block group cache (bsc#1012452).\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n - btrfs: fix mixed block count of available space (bsc#1012452).\n - btrfs: fix one bug that process may endlessly wait for ticket in\n wait_reserve_ticket() (bsc#1012452).\n - btrfs: fix panic in balance due to EIO (bsc#1012452).\n - btrfs: fix race between block group relocation and nocow writes\n (bsc#1012452).\n - btrfs: fix race between device replace and block group removal\n (bsc#1012452).\n - btrfs: fix race between device replace and chunk allocation\n (bsc#1012452).\n - btrfs: fix race between device replace and discard (bsc#1012452).\n - btrfs: fix race between device replace and read repair (bsc#1012452).\n - btrfs: fix race between fsync and direct IO writes for prealloc extents\n (bsc#1012452).\n - btrfs: fix race between readahead and device replace/removal\n (bsc#1012452).\n - btrfs: fix race setting block group back to RW mode during device\n replace (bsc#1012452).\n - btrfs: fix race setting block group readonly during device replace\n (bsc#1012452).\n - btrfs: fix read_node_slot to return errors (bsc#1012452).\n - btrfs: fix release reserved extents trace points (bsc#1012452).\n - btrfs: fix segmentation fault when doing dio read (bsc#1040425).\n - btrfs: Fix slab accounting flags (bsc#1012452).\n - btrfs: fix unexpected return value of fiemap (bsc#1012452).\n - btrfs: fix unprotected assignment of the left cursor for device replace\n (bsc#1012452).\n - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).\n - btrfs: flush_space: treat return value of do_chunk_alloc properly\n (bsc#1012452).\n - btrfs: Force stripesize to the value of sectorsize (bsc#1012452).\n - btrfs: free sys_array eb as soon as possible (bsc#1012452).\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n - btrfs: Handle uninitialised inode eviction (bsc#1012452).\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n - btrfs: introduce device delete by devid (bsc#1012452).\n - btrfs: introduce raid-type to error-code table, for minimum device\n constraint (bsc#1012452).\n - btrfs: introduce ticketed enospc infrastructure (bsc#1012452).\n - btrfs: introduce tickets_id to determine whether asynchronous metadata\n reclaim work makes progress (bsc#1012452).\n - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).\n - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).\n - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).\n - btrfs: kill unused writepage_io_hook callback (bsc#1012452).\n - btrfs: make find_workspace always succeed (bsc#1012452).\n - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).\n - btrfs: make mapping-&gt;writeback_index point to the last written page\n (bsc#1012452).\n - btrfs: make state preallocation more speculative in __set_extent_bit\n (bsc#1012452).\n - btrfs: make sure device is synced before return (bsc#1012452).\n - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device()\n (bsc#1012452).\n - btrfs: memset to avoid stale content in btree leaf (bsc#1012452).\n - btrfs: memset to avoid stale content in btree node block (bsc#1012452).\n - btrfs: move error handling code together in ctree.h (bsc#1012452).\n - btrfs: optimize check for stale device (bsc#1012452).\n - btrfs: parent_start initialization cleanup (bsc#1012452).\n - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).\n - btrfs: pass number of devices to btrfs_check_raid_min_devices\n (bsc#1012452).\n - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).\n - btrfs: preallocate compression workspaces (bsc#1012452).\n - btrfs: Ratelimit "no csum found" info message (bsc#1012452).\n - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).\n - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning\n (bsc#1012452).\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).\n - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: remove save_error_info() (bsc#1012452).\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf\n (bsc#1012452).\n - btrfs: remove unused function btrfs_assert() (bsc#1012452).\n - btrfs: rename and document compression workspace members (bsc#1012452).\n - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n - btrfs: rename flags for vol args v2 (bsc#1012452).\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).\n - btrfs: reuse existing variable in scrub_stripe, reduce stack usage\n (bsc#1012452).\n - btrfs: s_bdev is not null after missing replace (bsc#1012452).\n - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block\n (bsc#1012452).\n - btrfs: send: silence an integer overflow warning (bsc#1012452).\n - btrfs: send: use temporary variable to store allocation size\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_sources_tmp\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).\n - btrfs: Simplify conditions about compress while mapping btrfs flags to\n inode flags (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).\n - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_new (bsc#1012452).\n - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).\n - btrfs: skip commit transaction if we do not have enough pinned bytes\n (bsc#1037186).\n - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).\n - btrfs: switch to common message helpers in open_ctree, adjust messages\n (bsc#1012452).\n - btrfs: sysfs: protect reading label by lock (bsc#1012452).\n - btrfs: trace pinned extents (bsc#1012452).\n - btrfs: track transid for delayed ref flushing (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move struct\n btrfs_ioctl_defrag_range_args (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines\n (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).\n - btrfs: unsplit printed strings (bsc#1012452).\n - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).\n - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).\n - btrfs: Use correct format specifier (bsc#1012452).\n - btrfs: use correct offset for reloc_inode in\n prealloc_file_extent_cluster() (bsc#1012452).\n - btrfs: use dynamic allocation for root item in create_subvol\n (bsc#1012452).\n - btrfs: use existing device constraints table btrfs_raid_array\n (bsc#1012452).\n - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes\n (bsc#1012452).\n - btrfs: use fs_info directly (bsc#1012452).\n - btrfs: use new error message helper in qgroup_account_snapshot\n (bsc#1012452).\n - btrfs: use root when checking need_async_flush (bsc#1012452).\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).\n - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n - ceph: check i_nlink while converting a file handle to dentry\n (bsc#1039864).\n - ceph: Check that the new inode size is within limits in ceph_fallocate()\n (bsc#1037969).\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).\n - cifs: backport prepath matching fix (bsc#799133).\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).\n - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores\n (4.4.68 stable queue).\n - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n - dell-laptop: Adds support for keyboard backlight timeout AC settings\n (bsc#1013561).\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n - dm round robin: do not use this_cpu_ptr() without having preemption\n disabled (bsc#1040125).\n - dm verity fec: fix block calculation (bsc#1040125).\n - dm verity fec: fix bufio leaks (bsc#1040125).\n - dm verity fec: limit error correction recursion (bsc#1040125).\n - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments\n (bsc#1031717).\n - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O\n (bsc#1031717).\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error\n (bsc#1031717).\n - drm/i915: Fix mismatched INIT power domain disabling during suspend\n (bsc#1031717).\n - drm/i915: Nuke debug messages from the pipe update critical section\n (bsc#1031717).\n - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() settings (bsc#1031717).\n - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl\n (bsc#1040463).\n - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable\n queue).\n - e1000e: Do not return uninitialized stats (bug#1034635).\n - enic: set skb->hash type properly (bsc#922871 fate#318754).\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n - f2fs: sanity check segment count (4.4.68 stable queue).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n - ibmvnic: Add set_link_state routine for setting adapter link state\n (fate#322021, bsc#1031512).\n - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021,\n bsc#1038297).\n - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).\n - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297).\n - ibmvnic: Continue skb processing after skb completion error\n (fate#322021, bsc#1038297).\n - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).\n - ibmvnic: Create init and release routines for the bounce buffer\n (fate#322021, bsc#1031512).\n - ibmvnic: Create init and release routines for the rx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init and release routines for the tx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init/release routines for stats token (fate#322021,\n bsc#1031512).\n - ibmvnic: Delete napi's when releasing driver resources (fate#322021,\n bsc#1038297).\n - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).\n - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021,\n bsc#1031512).\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021,\n bsc#1031512).\n - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021,\n bsc#1038297, Fixes: ed651a10875f).\n - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).\n - ibmvnic: Free skb's in cases of failure in transmit (fate#322021,\n bsc#1031512).\n - ibmvnic: Insert header on VLAN tagged received frame (fate#322021,\n bsc#1031512).\n - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021,\n bsc#1031512).\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021,\n bsc#1031512).\n - ibmvnic: Move initialization of the stats token to ibmvnic_open\n (fate#322021, bsc#1031512).\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021,\n bsc#1038297).\n - ibmvnic: Move resource initialization to its own routine (fate#322021,\n bsc#1038297).\n - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).\n - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).\n - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).\n - ibmvnic: Remove inflight list (fate#322021, bsc#1031512).\n - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512).\n - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).\n - ibmvnic: Report errors when failing to release sub-crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).\n - ibmvnic: Split initialization of scrqs to its own routine (fate#322021,\n bsc#1031512).\n - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).\n - ibmvnic: Updated reset handling (fate#322021, bsc#1038297).\n - ibmvnic: Update main crq initialization and release (fate#322021,\n bsc#1031512).\n - ibmvnic: Validate napi exist before disabling them (fate#322021,\n bsc#1031512).\n - ibmvnic: Wait for any pending scrqs entries at driver close\n (fate#322021, bsc#1038297).\n - ibmvnic: Whitespace correction in release_rx_pools (fate#322021,\n bsc#1038297).\n - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).\n - iio: Workaround for kABI breakage by 4.4.67 iio hid-sensor changes\n (stable-4.4.67).\n - infiniband: avoid dereferencing uninitialized dst on error path\n (git-fixes).\n - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).\n - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).\n - iommu: Handle default domain attach failure (bsc#1038846).\n - iommu/vt-d: Do not over-free page table directories (bsc#1038847).\n - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header\n (4.4.68 stable queue).\n - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable\n queue).\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable\n queue).\n - isa: Call isa_bus_init before dependent ISA bus drivers register\n (bsc#1031717).\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).\n - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n - kABI: protect cgroup include in kernel/kthread (kabi).\n - kABI: protect struct mnt_namespace (kabi).\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses\n are probed (4.4.68 stable queue).\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable\n queue).\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in\n nbytes (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices\n (bsc#1003581).\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n - livepatch: Allow architectures to specify an alternate ftrace location\n (FATE#322421).\n - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER\n (bsc#1031717).\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store\n (bsc#1038143).\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or\n do_md_stop (bsc#1038142).\n - md/raid1: avoid reusing a resync bio after error handling (Fate#311379).\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n - media: cx23885: uninitialized variable in cx23885_av_work_handler()\n (bsc#1031717).\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call in\n vpbe_set_output() (bsc#1031717).\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717).\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n - media: lirc_imon: do not leave imon_probe() with mutex held\n (bsc#1031717).\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717).\n - media: rc: allow rc modules to be loaded if rc-main is not a module\n (bsc#1031717).\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs()\n (bsc#1031717).\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n - mmc: sdhci: restore behavior when setting VDD via external regulator\n (bsc#1031717).\n - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM --\n git fixes).\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable\n queue).\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes).\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock\n (bsc#1004003).\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points\n (bsc#1004003).\n - pci: pciehp: Prioritize data-link event over presence detect\n (bsc#1031040,bsc#1037483).\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability\n (bsc#1030057).\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server\n (bsc#1035887).\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717).\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for\n LED-setting callbacks (bsc#1031717).\n - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs\n (bsc#1031717).\n - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717).\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel\n (FATE#322421).\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI\n (FATE#322421).\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace\n (FATE#322421).\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421).\n - powerpc/livepatch: Add livepatch stack to struct thread_info\n (FATE#322421).\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n - powerpc/module: Mark module stubs with a magic value (FATE#322421).\n - powerpc/module: Only try to generate the ftrace_caller() stub once\n (FATE#322421).\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount()\n call (FATE#322421).\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call power_supply_changed() for relevant\n component (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Do not read fault register outside\n irq_handle_thread() (4.4.68 stable queue).\n - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Handle fault before status on interrupt\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Install irq_handler_thread() at end of\n probe() (4.4.68 stable queue).\n - ppc64le: Update ppc64le config files to use KGRAFT.\n - printk: Switch to the sync mode when an emergency message is printed\n (bsc#1034995).\n - RDMA/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570).\n - RDMA/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570).\n - RDMA/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570).\n - regulator: isl9305: fix array size (bsc#1031717).\n - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation\n (64-bit comparison)" (kabi).\n - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable\n queue).\n - Revert "l2tp: take reference on sessions being dumped" (kabi).\n - Revert "mac80211: pass block ack session timeout to to driver" (kabi).\n - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes"\n (kabi).\n - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi).\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate\n (bsc#1035922)\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable\n queue).\n - s390/dasd: check if query host access feature is supported (bsc#1037871).\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458).\n - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458).\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458).\n - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo()\n (bsc#1038458).\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458).\n - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458).\n - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458).\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458).\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458).\n - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458).\n - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458).\n - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458).\n - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458).\n - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458).\n - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458).\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458).\n - scsi: be2iscsi: Move functions to right files (bsc#1038458).\n - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458).\n - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458).\n - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset\n (bsc#1038458).\n - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458).\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458).\n - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458).\n - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458).\n - scsi: be2iscsi: Update copyright information (bsc#1038458).\n - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458).\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885).\n - scsi: cxlflash: Remove the device cleanly in the system shutdown path\n (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3\n - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340).\n - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue).\n - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125).\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68\n stable queue).\n - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable\n queue).\n - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable\n queue).\n - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()\n (bsc#1031717).\n - staging: wlan-ng: add missing byte order conversion (4.4.68 stable\n queue).\n - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes).\n - sunrpc: fix UDP memory accounting (git-fixes).\n - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue).\n - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68\n stable queue).\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - usb: chipidea: Handle extcon events properly (4.4.68 stable queue).\n - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable\n queue).\n - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: musb: ux500: Fix NULL pointer dereference at system PM\n (bsc#1038033).\n - usb: serial: ark3116: fix open error handling (bnc#1038043).\n - usb: serial: ch341: add register and USB request definitions\n (bnc#1038043).\n - usb: serial: ch341: add support for parity, frame length, stop bits\n (bnc#1038043).\n - usb: serial: ch341: fix baud rate and line-control handling\n (bnc#1038043).\n - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043).\n - usb: serial: ch341: fix modem-status handling (bnc#1038043).\n - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043).\n - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68\n stable queue).\n - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043).\n - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043).\n - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable\n queue).\n - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable\n queue).\n - usb: serial: quatech2: fix control-message error handling (bnc#1038043).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bnc#1038043).\n - usb: serial: ssu100: fix control-message error handling (bnc#1038043).\n - usb: serial: ti_usb_3410_5052: fix control-message error handling\n (4.4.68 stable queue).\n - Use make --output-sync feature when available (bsc#1012422). The mesages\n in make output can interleave making it impossible to extract warnings\n reliably. Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available.\n - Use up spare in struct module for livepatch (FATE#322421).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752).\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable\n queue).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (4.4.68 stable queue).\n - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68\n stable queue).\n - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024).\n - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024).\n - x86/platform/uv/BAU: Add status mmr location fields to bau_control\n (bsc#1035024).\n - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024).\n - x86/platform/uv/BAU: Add uv_bau_version enumerated constants\n (bsc#1035024).\n - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024).\n - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024).\n - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances\n (bsc#1035024).\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024).\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset()\n (bsc#1035024).\n - x86/platform/uv/BAU: Disable software timeout on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack\n register (bsc#1035024).\n - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status\n (bsc#1035024).\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version\n information (bsc#1035024).\n - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024).\n - xen: adjust early dom0 p2m handling to xen hypervisor behavior\n (bnc#1031470).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1041160).\n - xfs: fix eofblocks race with file extending async dio writes\n (bsc#1040929).\n - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168).\n - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()\n (bsc#1041168).\n - xfs: in _attrlist_by_handle, copy the cursor back to userspace\n (bsc#1041242).\n - xfs: only return -errno or success from attr ->put_listent (bsc#1041242).\n - xfs: Split default quota limits by quota type (bsc#1040941).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n\n", "edition": 1, "modified": "2017-06-08T18:13:15", "published": "2017-06-08T18:13:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-06/msg00006.html", "id": "OPENSUSE-SU-2017:1513-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "android": [{"lastseen": "2020-06-22T14:42:09", "bulletinFamily": "software", "cvelist": ["CVE-2017-8890"], "description": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.", "edition": 1, "modified": "2019-07-26T00:00:00", "published": "2017-09-01T00:00:00", "id": "ANDROID:CVE-2017-8890", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2017-8890.html", "title": "CVE-2017-8890", "type": "android", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "myhack58": [{"lastseen": "2017-06-16T22:31:00", "bulletinFamily": "info", "cvelist": ["CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "edition": 1, "description": "! [](/Article/UploadPic/2017-6/2017617379281. png? www. myhack58. com) \nEarly last month, qimingxing e ADLab presented four exist in the Linux kernel of the remote vulnerability, and the name\u201cPhoenix Talon\u201d; wherein a vulnerability is a serious(Critical)level, the other three as high-risk(High). Yesterday ADLab published in which serious(Critical)vulnerabilities relevant details. The four vulnerabilities affect the range includes all the Linux kernel 2.5.69 ~ Linux kernel 4.11 kernel version. \nAccording to Morning Star Chen introduction, the vulnerability can lead to remote DOS in compliance with certain Use Conditions can lead to remote code execution, comprising the transport layer of the TCP, DCCP, SCTP, and network layer IPv4 and IPv6 protocols are affected. \nVulnerability number \nCVE-2017-8890 \nCVE-2017-9075 \nCVE-2017-9076 \nCVE-2017-9077 \nVulnerability level \nCVE-2017-8890: serious(Critical) \nCVE-2017-9075: high-risk(High) \nCVE-2017-9076: high-risk(High) \nCVE-2017-9077: high-risk(High) \nNote: refer to the CVSS 3.0 standard \nVulnerability description \nCVE-2017-8890 \nFrom 4. 10. 15 version start the Linux kernel net/ipv4/inet_connection_sock. c inet_csk_clone_lock function could allow an attacker to launch a DoS(double free)attacks, or the use of the accept()system call caused by other effects. \nThe vulnerability four vulnerabilities, the most serious, is essentially a double free problem, using the setsockopt()function in the MCAST_JOIN_GROUP option, and call the accept()function to trigger the vulnerability. \nCVE-2017-9075 \n4.11.1 version of the Linux kernel net/sctp/ipv6. c in sctp_v6_create_accept_sk function of the inheritance of improper handling, the local user can launch a DoS attack, or through a special system call to cause the other impact of this vulnerability with CVE-2017-8890-related. \nCVE-2017-9076 \nLinux version 4. 11. 1 After the system net/dccp/ipv6. c file in the dccp_v6_request_recv_sock function of the inheritance of improper handling, the local user can launch a DoS attack, or through a special system call to cause the other impact of this vulnerability with CVE-2017-8890-related. \nCVE-2017-9077 \nLinux version 4. 11. 1 After the system net/dccp/ipv6. c file in the tcp_v6_syn_recv_sock function of the inheritance of improper handling, the local user can launch a DoS attack, or through a special system call to cause the other impact of this vulnerability with CVE-2017-8890-related. \nSolution \nQimingxing e ADLab will exploit feedback to the Linux kernel community, Linux community in the Linux 4.12-rc1 merge the fix the issue the patch. \nOr the user can use the Grsecurity/PaX kernel reinforcement. \n\n", "modified": "2017-06-17T00:00:00", "published": "2017-06-17T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/87113.htm", "id": "MYHACK58:62201787113", "title": "Lurking for over 11 years, the Linux kernel vulnerability\u201dPhoenix Talon\u201dexposure-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-16T22:31:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "edition": 1, "description": "! [](/Article/UploadPic/2017-6/201761725251949. png? www. myhack58. com) \nAbout \u201cPhoenix Talon\u201d \n2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability\u201cPhoenix Talon\u201dthe Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 ~Linux kernel 4.11 kernel version, corresponding to the release version as well as the relevant domestic system. Can lead to a remote DOS, and in compliance with certain Use Conditions can lead to the RCE, including the transport layer of the TCP, DCCP, SCTP, and network layer IPv4 and IPv6 protocols are affected. In fact, the vulnerability in the Linux 4.11-rc8 version has been qimingxing e ADLab discovered, and later of the Linux 4.11 stable version also have this problem. The study of these vulnerabilities in the Linux kernel at least has been lurking for 11 years, the impact is extremely far-reaching. \nQimingxing e ADLab has been the first time the\u201cPhoenix Talon\u201dvulnerability feedback to the Linux kernel community, the vulnerabilities reported after the Linux community in the Linux 4.12-rc1 merge the fix the issue the patch. \nThese vulnerabilities to CVE-2017-8890 is the most serious to the Linux kernel vulnerability two scoring history the highest score, the CVSS V2 score achieved out of 10. 0, the CVSS V3 scoring history the highest score of 9. 8, The NVD on the search history involves Linux kernel vulnerabilities this rate the vulnerability of not more than 20, the following analysis to the vulnerability, for example, a reference to the official DESCRIPTION is as follows: \n\u201cThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock. c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging the use of the accept system call.\u201d \nThe Vulnerability \nCVE-2017-8890 itself is a double free problem, using the setsockopt()function in the MCAST_JOIN_GROUP option, and call the accept()function to trigger the vulnerability. \nThen first take a look at a couple of multicast-related data structures: \n! [](/Article/UploadPic/2017-6/201761725251355. png? www. myhack58. com) \nThe structure of the two members are respectively used to specify the multicast group IP address and have to join a group of local interface IP address. \nip_setsockopt()to achieve this function, by calling the ip_mc_join_group()the socket is added to the multicast group. \n! [](/Article/UploadPic/2017-6/201761725251898. png? www. myhack58. com) \nWhere sk.__ sk_common. skc_rcv_saddr for multicast, receive only the address is sent to the multicast data, the unicast is concerned, only from the address represented the network card receiving data; mc_ttl for the multicast ttl; the mc_loop represents the multicast are sent to the loop; mc_index indicates multicast use the local device interface index; mc_addr represents a multicast source address; mc_list is a multicast list. \n! [](/Article/UploadPic/2017-6/201761725251956. png? www. myhack58. com) \nnext_rcu points to the list of next nodes; multi indicates that the group information, i.e. in which one on the local interface, joined to which multicast group; sfmode is the filtering mode, the value of the MCAST_INCLUDE or MCAST_EXCLUDE, respectively, to receive only the sflist those listed the source of the multicast data packet and does not receive sflist those listed the source of multicast datagram; sflist is the source list. \nThe following are from the vulnerability of memory assigned to the key code and the second release of the key code analysis. \n1, The Allocate \n! [](/Article/UploadPic/2017-6/201761725251411. png? www. myhack58. com) \n! [](/Article/UploadPic/2017-6/201761725251181. png? www. myhack58. com) \nEntering the kernel calls SyS_setsockopt()function, the level set is not SOL_SOCKET, General settings for the SOL_IP, in 1798 at line is called. Immediately call sock_common_setsockopt()function. \nnet/ipv4/ip_sockglue. c \n! [](/Article/UploadPic/2017-6/201761725251262. png? www. myhack58. com) \nThen enter the ip_setsockopt()function, call the do_ip_setsockopt()function 1264 lines of code. \nnet/ipv4/ip_sockglue. c \n! [](/Article/UploadPic/2017-6/201761725251214. png? www. myhack58. com) \nCode 1019 to 1021 call copy_from_user()to the user state data is copied to the kernel state. Before you have the option set to MCAST_JOIN_GROUP, followed by calls ip_mc_join_group()function: \nnet/ipv4/igmp. c \n! [](/Article/UploadPic/2017-6/201761725251967. png? www. myhack58. com) \nCode 2128 line sock_kmalloc()for memory allocation. \n2, The first free \nThe kernel inside all the time produce a soft interrupt, and the vulnerability relates to a soft interrupt is generated by the accept()system call caused due to the function itself acting on the process context, and will not produce a soft interrupt. But to call accept (), it will be in the kernel induced some kind of software interrupt generate the software interrupt will invoke rcu_process_callbacks()function: \nkernel/rcu/tree. c \n! [](/Article/UploadPic/2017-6/201761725252608. png? www. myhack58. com) \n__rcu_process_callbacks call rcu_do_batch()function, as follows: \nkernel/rcu/tree. c \n! [](/Article/UploadPic/2017-6/201761725252909. png? www. myhack58. com)\n\n**[1] [[2]](<87108_2.htm>) [next](<87108_2.htm>)**\n", "modified": "2017-06-17T00:00:00", "published": "2017-06-17T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/87108.htm", "id": "MYHACK58:62201787108", "title": "\u201cPhoenix Talon\u201din the Linux Kernel \u2014lurking for over 11 years, the kernel vulnerability-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T11:57:26", "description": "### About \u201cPhoenix Talon\u201d\n\n2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability\u201cPhoenix Talon\u201dthe Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 ~Linux kernel 4.11 kernel version, corresponding to the release version as well as the relevant domestic system. Can lead to a remote DOS, and in compliance with certain Use Conditions can lead to the RCE, including the transport layer of the TCP, DCCP, SCTP, and network layer IPv4 and IPv6 protocols are affected. In fact, the vulnerability in the Linux 4.11-rc8 version has been qimingxing e ADLab discovered, and later of the Linux 4.11 stable version also have this problem. The study of these vulnerabilities in the Linux kernel at least has been lurking for 11 years, the impact is extremely far-reaching.\n\nQimingxing e ADLab has been the first time the\u201cPhoenix Talon\u201dvulnerability feedback to the Linux kernel community, the vulnerabilities reported after the Linux community in the Linux 4.12-rc1 merge the fix the issue the patch.\n\nThese vulnerabilities to CVE-2017-8890 is the most serious to the Linux kernel vulnerability two scoring history the highest score, the CVSS V2 score achieved out of 10. 0, the CVSS V3 scoring history the highest score of 9. 8, The NVD on the search history involves Linux kernel vulnerabilities this rate the vulnerability of not more than 20, the following analysis to the vulnerability, for example, a reference to the official DESCRIPTION is as follows: \u201cThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock. c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging the use of the accept system call.\u201d\n\n### The Vulnerability\n\nCVE-2017-8890 itself is a double free problem, using the setsockopt()function in the MCAST_JOIN_GROUP option, and call the accept()function to trigger the vulnerability. Then first take a look at a couple of multicast-related data structures: \n\nThe structure of the two members are respectively used to specify the multicast group IP address and have to join a group of local interface IP address. ip_setsockopt()to achieve this function, by calling the ip_mc_join_group()the socket is added to the multicast group. \n\nWhere sk.__ sk_common. skc_rcv_saddr for multicast, receive only the address is sent to the multicast data, the unicast is concerned, only from the address represented the network card receiving data; mc_ttl for the multicast ttl; the mc_loop represents the multicast are sent to the loop; mc_index indicates multicast use the local device interface index; mc_addr represents a multicast source address; mc_list is a multicast list. \n\nnext_rcu points to the list of next nodes; multi indicates that the group information, i.e. in which one on the local interface, joined to which multicast group; sfmode is the filtering mode, the value of the MCAST_INCLUDE or MCAST_EXCLUDE, respectively, to receive only the sflist those listed the source of the multicast data packet and does not receive sflist those listed the source of multicast datagram; sflist is the source list. The following are from the vulnerability of memory assigned to the key code and the second release of the key code analysis.\n\n#### 1, The Allocate\n\nMemory allocation call chain: \n\nUse the setsockopt()function in the MCAST_JOIN_GROUP option. net/socket. c \n\nEntering the kernel calls SyS_setsockopt()function, the level set is not SOL_SOCKET, General settings for the SOL_IP, in 1798 at line is called. Immediately call sock_common_setsockopt()function. net/ipv4/ip_sockglue. c \n\nThen enter the ip_setsockopt()function, call the do_ip_setsockopt()function 1264 lines of code. net/ipv4/ip_sockglue. c \n\nCode 1019 to 1021 call copy_from_user()to the user state data is copied to the kernel state. Before you have the option set to MCAST_JOIN_GROUP, followed by calls ip_mc_join_group()function: net/ipv4/igmp. c \n\nCode 2128 line sock_kmalloc()for memory allocation.\n\n#### 2, The first free\n\nThe kernel inside all the time produce a soft interrupt, and the vulnerability relates to a soft interrupt is generated by the accept()system call caused due to the function itself acting on the process context, and will not produce a soft interrupt. But to call accept (), it will be in the kernel induced some kind of software interrupt generate the software interrupt will invoke rcu_process_callbacks()function: kernel/rcu/tree. c \n\n__rcu_process_callbacks call rcu_do_batch()function, as follows: kernel/rcu/tree. c \n\nNote that the code in the first 2879 rows, function to__rcu_reclaim()to achieve the following: kernel/rcu/rcu. h \n\nIn 113 row call kfree()for the first release.\n\n#### 3, The second free\n\nWhen disconnecting the TCP connection, the kernel through the sock_close()function directly calls sock_release()to achieve the disconnect function, the function will empty the ops, update the global socket number, update the inode reference count. Then proceeds to inet_release()function call tcp_close()function to the end off the sock on. net/ipv4/af_inet. c \n\nThe user application disconnect the TCP connection, the kernel in use ip_mc_drop_socket()function is recovered. net/ipv4/igmp. c \n\nCode 2612 line calls kfree_rcu()for the second release.\n\n### Affected\n\n#### 1, The affected kernel version\n\nThe study, in theory, the Linux kernel 2.5.69 ~ Linux kernel 4.11 all versions are affected by the\u201cPhoenix Talon\u201deffect, and the open source community verification\u201cPhoenix Talon\u201dvulnerability affects the Linux kernel version part of the list is as follows: \n\nBy qimingxing e ADLab test the Linux kernel 4.11 also affected.\n\n#### 2, The affected release version\n\nThe open source community verification section affected the release version is not the complete list as follows: _ Red Hat Enterprise MRG 2 _ Red Hat Enterprise Linux 7 _ Red Hat Enterprise Linux 6 _ Red Hat Enterprise Linux 5 _ SUSE Linux Enterprise Desktop 12 SP1 _ SUSE Linux Enterprise Desktop 12 SP2 _ SUSE Linux Enterprise Server 11 SP3 LTSS _ SUSE Linux Enterprise Server 11 SP4 _ SUSE Linux Enterprise Server 12 GA _ SUSE Linux Enterprise Server 12 SP1 _ SUSE Linux Enterprise Server 12 SP2 _ SUSE Linux Enterprise Server for SAP 11 SP3 _ SUSE Linux Enterprise Server for SAP 11 SP4 _ SUSE Linux Enterprise Server for SAP 12 GA _ SUSE Linux Enterprise Server for SAP 12 SP1 _ SUSE Linux Enterprise Server for SAP 12 SP2\n\nIn addition, qimingxing e ADLab on the following part of the release version to do the test, confirm that are subject to the\u201cPhoenix Talon\u201dvulnerability impact: _ Ubuntu 14.04 LTS (Trusty Tahr) _ Ubuntu 16.04 LTS (Xenial Xerus) _ Ubuntu 16.10(Yakkety Yak) _ Ubuntu 17.04(Zesty Zapus) * Ubuntu 17.10(Artful Aardvark)\n", "published": "2017-06-16T00:00:00", "type": "seebug", "title": "\"Phoenix Talon\" in Linux Kernel\n (Phoenix Talon)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2017-06-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93207", "id": "SSV:93207", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "huawei": [{"lastseen": "2019-02-01T18:02:22", "bulletinFamily": "software", "cvelist": ["CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2017-08-02T00:00:00", "published": "2017-08-02T00:00:00", "id": "HUAWEI-SA-20170802-01-LINUX", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-01-linux-en", "title": "Security Advisory - 'Phoenix Talon' Vulnerabilities in Linux Kernel", "type": "huawei", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-12-11T01:16:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7895", "CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9242", "CVE-2017-0605", "CVE-2017-9075", "CVE-2017-8924", "CVE-2017-1000364", "CVE-2017-8925", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "description": "Package : linux\nVersion : 3.2.89-1\nCVE ID : CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895 \n CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 \n CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242 \n CVE-2017-1000364\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-0605\n\n A buffer overflow flaw was discovered in the trace subsystem.\n\nCVE-2017-7487\n\n Li Qiang reported a reference counter leak in the ipxitf_ioctl\n function which may result into a use-after-free vulnerability,\n triggerable when a IPX interface is configured.\n\nCVE-2017-7645\n\n Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that\n the NFSv2 and NFSv3 server implementations are vulnerable to an\n out-of-bounds memory access issue while processing arbitrarily long\n arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of\n service.\n\nCVE-2017-7895\n\n Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3\n server implementations do not properly handle payload bounds\n checking of WRITE requests. A remote attacker with write access to a\n NFS mount can take advantage of this flaw to read chunks of\n arbitrary memory from both kernel-space and user-space.\n\nCVE-2017-8890\n\n It was discovered that the net_csk_clone_lock() function allows a\n remote attacker to cause a double free leading to a denial of\n service or potentially have other impact.\n\nCVE-2017-8924\n\n Johan Hovold found that the io_ti USB serial driver could leak\n sensitive information if a malicious USB device was connected.\n\nCVE-2017-8925\n\n Johan Hovold found a reference counter leak in the omninet USB\n serial driver, resulting in a use-after-free vulnerability. This\n can be triggered by a local user permitted to open tty devices.\n\nCVE-2017-9074\n\n Andrey Konovalov reported that the IPv6 fragmentation\n implementation could read beyond the end of a packet buffer. A\n local user or guest VM might be able to use this to leak sensitive\n information or to cause a denial of service (crash).\n\nCVE-2017-9075\n\n Andrey Konovalov reported that the SCTP/IPv6 implementation\n wrongly initialised address lists on connected sockets, resulting\n in a use-after-free vulnerability, a similar issue to\n CVE-2017-8890. This can be triggered by any local user.\n\nCVE-2017-9076 / CVE-2017-9077\n\n Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations\n wrongly initialised address lists on connected sockets, a similar\n issue to CVE-2017-9075.\n\nCVE-2017-9242\n\n Andrey Konovalov reported a packet buffer overrun in the IPv6\n implementation. A local user could use this for denial of service\n (memory corruption; crash) and possibly for privilege escalation.\n\nCVE-2017-1000364\n\n The Qualys Research Labs discovered that the size of the stack guard\n page is not sufficiently large. The stack-pointer can jump over the\n guard-page and moving from the stack into another memory region\n without accessing the guard-page. In this case no page-fault\n exception is raised and the stack extends into the other memory\n region. An attacker can exploit this flaw for privilege escalation.\n\n The default stack gap protection is set to 256 pages and can be\n configured via the stack_guard_gap kernel parameter on the kernel\n command line.\n\n Further details can be found at\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.89-1. This version also includes bug fixes from upstream version\n3.2.89.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.43-2+deb8u1.\n\nFor Debian 9 "Stretch", these problems have been fixed in version\n4.9.30-2+deb9u1 or earlier versions before the stretch release.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 13, "modified": "2017-06-20T03:02:45", "published": "2017-06-20T03:02:45", "id": "DEBIAN:DLA-993-1:71AF5", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201706/msg00022.html", "title": "[SECURITY] [DLA 993-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}