openSUSE Security Update : the Linux Kernel (openSUSE-2017-562)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.1 kernel was updated to receive various security
fixes and bugfixes.

The following security bugs were fixed :

- CVE-2017-7618: crypto/ahash.c in the Linux kernel
allowed attackers to cause a denial of service (API
operation calling its own callback, and infinite
recursion) by triggering EBUSY on a full queue
(bnc#1033340).

- CVE-2016-10318: A missing authorization check in the
fscrypt_process_policy function in fs/crypto/policy.c in
the ext4 and f2fs filesystem encryption support in the
Linux kernel allowed a user to assign an encryption
policy to a directory owned by a different user,
potentially creating a denial of service (bnc#1032435).

- CVE-2017-7616: Incorrect error handling in the
set_mempolicy and mbind compat syscalls in
mm/mempolicy.c in the Linux kernel allowed local users
to obtain sensitive information from uninitialized stack
data by triggering failure of a certain bitmap operation
(bnc#1033336).

- CVE-2017-7308: The packet_set_ring function in
net/packet/af_packet.c in the Linux kernel did not
properly validate certain block-size data, which allowed
local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted
system calls (bnc#1031579).

- CVE-2017-2671: The ping_unhash function in
net/ipv4/ping.c in the Linux kernel is too late in
obtaining a certain lock and consequently cannot ensure
that disconnect function calls are safe, which allowed
local users to cause a denial of service (panic) by
leveraging access to the protocol value of IPPROTO_ICMP
in a socket system call (bnc#1031003).

- CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
kernel did not validate addition of certain levels data,
which allowed local users to trigger an integer overflow
and out-of-bounds write, and cause a denial of service
(system hang or crash) or possibly gain privileges, via
a crafted ioctl call for a /dev/dri/renderD* device
(bnc#1031440).

- CVE-2017-7261: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
kernel did not check for a zero value of certain levels
data, which allowed local users to cause a denial of
service (ZERO_SIZE_PTR dereference, and GPF and possibly
panic) via a crafted ioctl call for a /dev/dri/renderD*
device (bnc#1031052).

- CVE-2017-7187: The sg_ioctl function in
drivers/scsi/sg.c in the Linux kernel allowed local
users to cause a denial of service (stack-based buffer
overflow) or possibly have unspecified other impact via
a large command size in an SG_NEXT_CMD_LEN ioctl call,
leading to out-of-bounds write access in the sg_write
function (bnc#1030213).

The following non-security bugs were fixed :

- ata: ahci_xgene: free structure returned by
acpi_get_object_info() (bsc#1033518).

- doc/README.SUSE: update links to KMP manual

- ext4: do not perform data journaling when data is
encrypted (bsc#1012876).

- ext4: fix use-after-iput when fscrypt contexts are
inconsistent (bsc#1012829).

- ext4: mark inode dirty after converting inline directory
(bsc#1012876).

- ext4: reject inodes with negative size (bsc#1012876).

- fs, seqfile: always allow oom killer (bsc#1012876).

- ipv6: make ECMP route replacement less greedy
(bsc#930399).

- l2tp: hold tunnel socket when handling control frames in
l2tp_ip and l2tp_ip6 (bsc#1028415).

- mm: filemap: do not plant shadow entries without radix
tree node (bsc#1012876).

- netfilter: allow logging from non-init namespaces
(bsc#970083).

- nfsd4: minor NFSv2/v3 write decoding cleanup
(bsc#1034670 CVE#2017-7645).

- nfsd: check for oversized NFSv2/v3 arguments
(bsc#1034670 CVE#2017-7645).

- nfsd: stricter decoding of write-like NFSv2/v3 ops
(bsc#1034670 CVE#2017-7645).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1012829
https://bugzilla.opensuse.org/show_bug.cgi?id=1012876
https://bugzilla.opensuse.org/show_bug.cgi?id=1028415
https://bugzilla.opensuse.org/show_bug.cgi?id=1030213
https://bugzilla.opensuse.org/show_bug.cgi?id=1031003
https://bugzilla.opensuse.org/show_bug.cgi?id=1031052
https://bugzilla.opensuse.org/show_bug.cgi?id=1031440
https://bugzilla.opensuse.org/show_bug.cgi?id=1031579
https://bugzilla.opensuse.org/show_bug.cgi?id=1032435
https://bugzilla.opensuse.org/show_bug.cgi?id=1033336
https://bugzilla.opensuse.org/show_bug.cgi?id=1033340
https://bugzilla.opensuse.org/show_bug.cgi?id=1033518
https://bugzilla.opensuse.org/show_bug.cgi?id=1034670
https://bugzilla.opensuse.org/show_bug.cgi?id=930399
https://bugzilla.opensuse.org/show_bug.cgi?id=970083

Solution :

Update the affected Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 100044

Bugtraq ID:

CVE ID: CVE-2016-10318
CVE-2017-2671
CVE-2017-7187
CVE-2017-7261
CVE-2017-7294
CVE-2017-7308
CVE-2017-7616
CVE-2017-7618
