Download
| Alert*
oval:org.secpod.oval:def:1100524
The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64. For more information please visit vendor advisory link. oval:org.secpod.oval:def:89043855 This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - ... oval:org.secpod.oval:def:89043867 This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - ... oval:org.secpod.oval:def:1504440 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ... oval:org.secpod.oval:def:89043524 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 m ... oval:org.secpod.oval:def:1504737 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ... oval:org.secpod.oval:def:60360 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64. For more information please visit vendor advisory link. oval:org.secpod.oval:def:60359 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64 and bos.mp. For more information please visit vendor advisory link. oval:org.secpod.oval:def:89002298 This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of quot;highquot; resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown . Update ... oval:org.secpod.oval:def:52011 linux-hwe: Linux hardware enablement kernel Details:This update provides the corresponding updates for the Linux Hardware Enablement kernel for Linux Mint 18.x LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Linux Mint 1 ... oval:org.secpod.oval:def:51533 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Linux M ... oval:org.secpod.oval:def:89043690 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka Spectre and Meltdown attacks - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS or p ... oval:org.secpod.oval:def:51976 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. T ... oval:org.secpod.oval:def:51977 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: This update provides the corresponding updates for the Linux Hardware Enableme ... oval:org.secpod.oval:def:704010 linux-hwe: Linux hardware enablement kernel Details: USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations fo ... oval:org.secpod.oval:def:704011 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original a ... oval:org.secpod.oval:def:52911 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3540-1 addressed vulnerabilities in the Linux kernel for Linux Mint 18.x LTS. This update provides the corresponding updates for the Linux Hardware Enable ... oval:org.secpod.oval:def:1502094 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502095 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89043590 This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative exec ... oval:org.secpod.oval:def:2100114 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. oval:org.secpod.oval:def:89002259 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753 / quot;Spec#197;#167;reAttackquot;: Local attac ... oval:org.secpod.oval:def:89002248 This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release Security issues fixed: - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing - CVE-2018-7541: A grant table v2 -gt; v1 transition may crash Xen - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 F ... oval:org.secpod.oval:def:89002227 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753: Local attackers on systems with modern CPUs fe ... oval:org.secpod.oval:def:703963 linux: Linux kernel Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel m ... oval:org.secpod.oval:def:703962 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablemen ... oval:org.secpod.oval:def:703959 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. Thi ... oval:org.secpod.oval:def:703958 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. T ... oval:org.secpod.oval:def:43415 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ... oval:org.secpod.oval:def:703933 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:43422 The host is missing a critical security update 4056568 oval:org.secpod.oval:def:43429 The host is missing a critical security update 4056888 oval:org.secpod.oval:def:43428 The host is missing an important security update 4056897 oval:org.secpod.oval:def:43426 The host is missing a critical security update 4056891 oval:org.secpod.oval:def:43432 The host is missing an important security update 4056898 oval:org.secpod.oval:def:1800826 CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, XSA-254: Information leak via side effects of speculative execution Reference:¶ oval:org.secpod.oval:def:89043925 The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / Spectre Attack : IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE- ... oval:org.secpod.oval:def:1502120 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502126 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502127 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89043778 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka Spectre and Meltdown attacks - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS or p ... oval:org.secpod.oval:def:51963 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:1800270 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference CVE-2017-17565, XSA-251: improper bug check ... oval:org.secpod.oval:def:89043499 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / Spectre Attack : IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE- ... oval:org.secpod.oval:def:89002312 The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753 / quot;SpectreAttackquot;: Local attackers on s ... oval:org.secpod.oval:def:1800236 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:53259 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:1800444 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:603232 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5754 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read m ... oval:org.secpod.oval:def:204791 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ... oval:org.secpod.oval:def:204798 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ... oval:org.secpod.oval:def:1700002 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ... oval:org.secpod.oval:def:52908 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:52907 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1600829 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ... oval:org.secpod.oval:def:52916 linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ... oval:org.secpod.oval:def:43398 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:703996 linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ... oval:org.secpod.oval:def:43639 The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory. oval:org.secpod.oval:def:703941 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703945 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703939 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703938 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703937 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:53223 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is add ... oval:org.secpod.oval:def:43628 The host is installed with Apple Mac OS X 10.12.6 or 10.11.6 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle systems with microprocessors utilizing speculative execution and indirect branch prediction. Successful exploit ... oval:org.secpod.oval:def:1502102 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502103 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89043577 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/inf ... oval:org.secpod.oval:def:1502133 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502132 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2105792 Oracle Solaris 11 - ( CVE-2018-1165 ) oval:org.secpod.oval:def:51966 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:51969 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:603228 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is add ... oval:org.secpod.oval:def:603280 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:89048663 The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen . * CVE-201 ... oval:org.secpod.oval:def:43395 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:43427 The host is missing a critical security update 4056890 oval:org.secpod.oval:def:43520 The host is missing an important security update ADV180002 |