SUSE SLED12 / SLES12 Security Update : kernel-source (SUSE-SU-2015:1727-1)

high Nessus Plugin ID 86378

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bugfixes.

Following security bugs were fixed :

- CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536)

- CVE-2015-5156: When a guests KVM network devices is in a bridge configuration the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKB's are chained together in a single packets fraglist (by design). (bsc#940776)

- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bsc#938706).

- CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack (bsc#942367).

- CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
(bnc#939994)

- CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#945825)

- CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP implementation allowing a local user to cause system DoS. Creation of multiple sockets in parallel when system doesn't have SCTP module loaded can lead to kernel panic. (bsc#947155)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-668=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-668=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-668=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-668=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-668=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-668=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=942160

https://bugzilla.suse.com/show_bug.cgi?id=942204

https://bugzilla.suse.com/show_bug.cgi?id=942307

https://bugzilla.suse.com/show_bug.cgi?id=942367

https://bugzilla.suse.com/show_bug.cgi?id=948536

https://bugzilla.suse.com/show_bug.cgi?id=856382

https://bugzilla.suse.com/show_bug.cgi?id=886785

https://bugzilla.suse.com/show_bug.cgi?id=898159

https://bugzilla.suse.com/show_bug.cgi?id=907973

https://bugzilla.suse.com/show_bug.cgi?id=908950

https://bugzilla.suse.com/show_bug.cgi?id=912183

https://bugzilla.suse.com/show_bug.cgi?id=914818

https://bugzilla.suse.com/show_bug.cgi?id=916543

https://bugzilla.suse.com/show_bug.cgi?id=920016

https://bugzilla.suse.com/show_bug.cgi?id=922071

https://bugzilla.suse.com/show_bug.cgi?id=924722

https://bugzilla.suse.com/show_bug.cgi?id=929092

https://bugzilla.suse.com/show_bug.cgi?id=929871

https://bugzilla.suse.com/show_bug.cgi?id=930813

https://bugzilla.suse.com/show_bug.cgi?id=932285

https://bugzilla.suse.com/show_bug.cgi?id=932350

https://bugzilla.suse.com/show_bug.cgi?id=934430

https://bugzilla.suse.com/show_bug.cgi?id=934942

https://bugzilla.suse.com/show_bug.cgi?id=934962

https://www.suse.com/security/cve/CVE-2015-5156/

https://www.suse.com/security/cve/CVE-2015-5157/

https://www.suse.com/security/cve/CVE-2015-5283/

https://www.suse.com/security/cve/CVE-2015-5697/

https://www.suse.com/security/cve/CVE-2015-6252/

https://www.suse.com/security/cve/CVE-2015-6937/

https://www.suse.com/security/cve/CVE-2015-7613/

http://www.nessus.org/u?4f62582a

https://bugzilla.suse.com/show_bug.cgi?id=936556

https://bugzilla.suse.com/show_bug.cgi?id=936773

https://bugzilla.suse.com/show_bug.cgi?id=937609

https://bugzilla.suse.com/show_bug.cgi?id=937612

https://bugzilla.suse.com/show_bug.cgi?id=937613

https://bugzilla.suse.com/show_bug.cgi?id=937616

https://bugzilla.suse.com/show_bug.cgi?id=938550

https://bugzilla.suse.com/show_bug.cgi?id=938706

https://bugzilla.suse.com/show_bug.cgi?id=938891

https://bugzilla.suse.com/show_bug.cgi?id=938892

https://bugzilla.suse.com/show_bug.cgi?id=938893

https://bugzilla.suse.com/show_bug.cgi?id=939145

https://bugzilla.suse.com/show_bug.cgi?id=939266

https://bugzilla.suse.com/show_bug.cgi?id=939716

https://bugzilla.suse.com/show_bug.cgi?id=939834

https://bugzilla.suse.com/show_bug.cgi?id=939994

https://bugzilla.suse.com/show_bug.cgi?id=940398

https://bugzilla.suse.com/show_bug.cgi?id=940545

https://bugzilla.suse.com/show_bug.cgi?id=940679

https://bugzilla.suse.com/show_bug.cgi?id=940776

https://bugzilla.suse.com/show_bug.cgi?id=940912

https://bugzilla.suse.com/show_bug.cgi?id=940925

https://bugzilla.suse.com/show_bug.cgi?id=940965

https://bugzilla.suse.com/show_bug.cgi?id=941098

https://bugzilla.suse.com/show_bug.cgi?id=941305

https://bugzilla.suse.com/show_bug.cgi?id=941908

https://bugzilla.suse.com/show_bug.cgi?id=941951

Plugin Details

Severity: High

ID: 86378

File Name: suse_SU-2015-1727-1.nasl

Version: 2.24

Type: local

Agent: unix

Published: 10/14/2015

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/6/2015

Vulnerability Publication Date: 8/31/2015

Reference Information

CVE: CVE-2015-5156, CVE-2015-5157, CVE-2015-5283, CVE-2015-5697, CVE-2015-6252, CVE-2015-6937, CVE-2015-7613

BID: 76005