
45 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2017-7482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the...

7.8 CVSS | 6.8 AI score | 0.00474 EPSS
Exploits 0 | References 3
OpenVAS
added 2022/04/21 12:0 a.m. | 22 views

Slackware: Security Advisory (SSA:2017-181-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.8 AI score | 0.00899 EPSS
Exploits 0 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2017:2389-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 7.5 AI score | 0.09465 EPSS
Exploits 20 | References 116
OpenVAS
added 2021/04/19 12:0 a.m. | 31 views

SUSE: Security Advisory (SUSE-SU-2017:3410-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.5 AI score | 0.04252 EPSS
Exploits 10 | References 111
RedhatCVE
added 2019/10/25 12:37 a.m. | 30 views

CVE-2017-7482

Kerberos 5 tickets being decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation...

7.8 CVSS | 3.6 AI score | 0.00474 EPSS
Exploits 0 | References 1
RedHat Linux
added 2019/03/26 7:45 a.m. | 89 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8 CVSS | 6.9 AI score | 0.0055 EPSS
Exploits 1 | References 8
Tenable Nessus
added 2018/12/05 12:0 a.m. | 47 views

Photon OS 2.0: Linux PHSA-2018-2.0-0101 (deprecated)

An update of 'linux-secure', 'linux', 'linux-aws', 'linux-esx' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0101. The te...

7.8 CVSS | 7.6 AI score | 0.7354 EPSS
Exploits 2 | References 6
CVE
added 2018/07/30 2:0 p.m. | 214 views

CVE-2017-7482

CVE-2017-7482 affects the Linux kernel prior to 4.12. When Kerberos 5 tickets are decoded using RXRPC keys, the code incorrectly assumes the size of a field, causing the size-remaining calculation to wrap and the data pointer to extend past the buffer end. This can lead to memory corruption and p...

7.8 CVSS | 7.6 AI score | 0.00474 EPSS
Exploits 0 | References 8 | Affected Software 1
Oracle linux
added 2018/02/26 12:0 a.m. | 91 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.20.3 - gre: fix a possible skb leak Eric Dumazet Orabug: 26403972 CVE-2017-9074 - ipv6: Fix leak in ipv6_gso_segment. David S. Miller Orabug: 26403972 CVE-2017-9074 - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt Ben Hutchings Orabug: 26403972 CVE-2017-9074 - ipv6:...

7.8 CVSS | 7.5 AI score | 0.01355 EPSS
Exploits 5
OpenVAS
added 2018/02/06 12:0 a.m. | 46 views

Debian: Security Advisory (DLA-1099-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.7 AI score | 0.16181 EPSS
Exploits 29 | References 3
Tenable Nessus
added 2017/12/14 12:0 a.m. | 33 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory...

8.8 CVSS | 7.2 AI score | 0.20797 EPSS
Exploits 76 | References 47
Tenable Nessus
added 2017/12/14 12:0 a.m. | 65 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3659 advisory. - net: qmi_wwan: fix divide by 0 on bad descriptors Bjorn Mork Orabug: 27215221 CVE-2017-16650 - mm, thp: Do not make page table dirty unconditionally in...

7.8 CVSS | 7 AI score | 0.20797 EPSS
Exploits 39 | References 2
Tenable Nessus
added 2017/11/08 12:0 a.m. | 45 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)

The remote OracleVM system is missing necessary patches to address critical security updates : - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' Brian Maly Orabug: 27037811 - xfs: use dedicated log worker wq to avoid deadlock with cil wq Brian Foster Orabug:...

7.8 CVSS | 6.7 AI score | 0.20797 EPSS
Exploits 26 | References 10
Tenable Nessus
added 2017/11/03 12:0 a.m. | 145 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3635)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3635 advisory. - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly Xin Long Orabug: 26988633 CVE-2017-14489 - ipv6: avoid overfl...

7.8 CVSS | 6.9 AI score | 0.20797 EPSS
Exploits 26 | References 6
Tenable Nessus
added 2017/09/21 12:0 a.m. | 145 views

Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denia...

8.8 CVSS | 7.6 AI score | 0.16181 EPSS
Exploits 29 | References 21
Debian
added 2017/09/20 5:47 p.m. | 52 views

[SECURITY] [DLA 1099-1] linux security update

Package : linux Version : 3.2.93-1 CVE ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 CVE-2017-10002...

8.8 CVSS | 7.7 AI score | 0.16181 EPSS
Exploits 29
Tenable Nessus
added 2017/09/11 12:0 a.m. | 165 views

SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution bsc1046107. - CVE-2016-10277: Potential...

9.3 CVSS | 7.4 AI score | 0.09465 EPSS
Exploits 20 | References 156
Cloud Foundry
added 2017/08/28 12:0 a.m. | 76 views

USN-3392-2: Linux kernel (Xenial HWE) regression | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS...

7.8 CVSS | 8.2 AI score | 0.03763 EPSS
Exploits 3
Tenable Nessus
added 2017/08/18 12:0 a.m. | 58 views

Debian DSA-3945-1 : linux - security update (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially...

7.8 CVSS | 7.3 AI score | 0.03631 EPSS
Exploits 13 | References 26
Debian
added 2017/08/17 6:40 p.m. | 48 views

[SECURITY] [DSA 3945-1] linux security update

Debian Security Advisory DSA-3945-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2017 https://www.debian.org/security/faq -...

7.6 CVSS | 1.7 AI score | 0.03631 EPSS
Exploits 13