SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to
receive various security fixes and bugfixes. The following security
bugs were fixed :

- CVE-2017-1000365: The Linux kernel imposes a size
restriction on the arguments and environment strings
passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the
size), but did not take the argument and environment
pointers into account, which allowed attackers to bypass
this limitation (bnc#1039354).

- CVE-2017-1000380: sound/core/timer.c in the Linux kernel
is vulnerable to a data race in the ALSA /dev/snd/timer
driver resulting in local users being able to read
information belonging to other users, i.e.,
uninitialized memory contents may be disclosed when a
read and an ioctl happen at the same time (bnc#1044125).

- CVE-2017-7346: The vmw_gb_surface_define_ioctl function
in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
kernel did not validate certain levels data, which
allowed local users to cause a denial of service (system
hang) via a crafted ioctl call for a /dev/dri/renderD*
device (bnc#1031796).

- CVE-2017-9242: The __ip6_append_data function in
net/ipv6/ip6_output.c in the Linux kernel is too late in
checking whether an overwrite of an skb data structure
may occur, which allowed local users to cause a denial
of service (system crash) via crafted system calls
(bnc#1041431).

- CVE-2017-9076: The dccp_v6_request_recv_sock function in
net/dccp/ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890
(bnc#1039885).

- CVE-2017-9077: The tcp_v6_syn_recv_sock function in
net/ipv6/tcp_ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890
(bnc#1040069).

- CVE-2017-9075: The sctp_v6_create_accept_sk function in
net/sctp/ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890
(bnc#1039883).

- CVE-2017-9074: The IPv6 fragmentation implementation in
the Linux kernel did not consider that the nexthdr field
may be associated with an invalid option, which allowed
local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882).

- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed
local users to obtain sensitive information (in the
dmesg ringbuffer and syslog) from uninitialized kernel
memory by using a crafted USB device (posing as an io_ti
USB serial device) to trigger an integer underflow.
(bsc#1038982)

- CVE-2017-8925: The omninet_open function in
drivers/usb/serial/omninet.c in the Linux kernel allowed
local users to cause a denial of service (tty
exhaustion) by leveraging reference count mishandling.
(bsc#1038981)

- CVE-2017-7487: The ipxitf_ioctl function in
net/ipx/af_ipx.c in the Linux kernel mishandled
reference counts, which allowed local users to cause a
denial of service (use-after-free) or possibly have
unspecified other impact via a failed SIOCGIFADDR ioctl
call for an IPX interface (bnc#1038879).

- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel
allowed attackers to cause a denial of service (double
free) or possibly have unspecified other impact by
leveraging use of the accept system call (bnc#1038544).

- CVE-2017-9150: The do_check function in
kernel/bpf/verifier.c in the Linux kernel did not make
the allow_ptr_leaks value available for restricting the
output of the print_bpf_insn function, which allowed
local users to obtain sensitive address information via
crafted bpf system calls (bnc#1040279).

- CVE-2017-7618: crypto/ahash.c in the Linux kernel
allowed attackers to cause a denial of service (API
operation calling its own callback, and infinite
recursion) by triggering EBUSY on a full queue
(bnc#1033340).

- CVE-2017-7616: Incorrect error handling in the
set_mempolicy and mbind compat syscalls in
mm/mempolicy.c in the Linux kernel allowed local users
to obtain sensitive information from uninitialized stack
data by triggering failure of a certain bitmap operation
(bnc#1033336).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1003581
https://bugzilla.suse.com/1004003
https://bugzilla.suse.com/1011044
https://bugzilla.suse.com/1012060
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012452
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1012910
https://bugzilla.suse.com/1012985
https://bugzilla.suse.com/1013561
https://bugzilla.suse.com/1013887
https://bugzilla.suse.com/1015342
https://bugzilla.suse.com/1015452
https://bugzilla.suse.com/1017461
https://bugzilla.suse.com/1018885
https://bugzilla.suse.com/1020412
https://bugzilla.suse.com/1021424
https://bugzilla.suse.com/1022266
https://bugzilla.suse.com/1022595
https://bugzilla.suse.com/1023287
https://bugzilla.suse.com/1025461
https://bugzilla.suse.com/1026570
https://bugzilla.suse.com/1027101
https://bugzilla.suse.com/1027512
https://bugzilla.suse.com/1027974
https://bugzilla.suse.com/1028217
https://bugzilla.suse.com/1028310
https://bugzilla.suse.com/1028340
https://bugzilla.suse.com/1028883
https://bugzilla.suse.com/1029607
https://bugzilla.suse.com/1030057
https://bugzilla.suse.com/1030070
https://bugzilla.suse.com/1031040
https://bugzilla.suse.com/1031142
https://bugzilla.suse.com/1031147
https://bugzilla.suse.com/1031470
https://bugzilla.suse.com/1031500
https://bugzilla.suse.com/1031512
https://bugzilla.suse.com/1031555
https://bugzilla.suse.com/1031717
https://bugzilla.suse.com/1031796
https://bugzilla.suse.com/1032141
https://bugzilla.suse.com/1032339
https://bugzilla.suse.com/1032345
https://bugzilla.suse.com/1032400
https://bugzilla.suse.com/1032581
https://bugzilla.suse.com/1032803
https://bugzilla.suse.com/1033117
https://bugzilla.suse.com/1033281
https://bugzilla.suse.com/1033336
https://bugzilla.suse.com/1033340
https://bugzilla.suse.com/1033885
https://bugzilla.suse.com/1034048
https://bugzilla.suse.com/1034419
https://bugzilla.suse.com/1034635
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1034671
https://bugzilla.suse.com/1034762
https://bugzilla.suse.com/1034902
https://bugzilla.suse.com/1034995
https://bugzilla.suse.com/1035024
https://bugzilla.suse.com/1035866
https://bugzilla.suse.com/1035887
https://bugzilla.suse.com/1035920
https://bugzilla.suse.com/1035922
https://bugzilla.suse.com/1036214
https://bugzilla.suse.com/1036638
https://bugzilla.suse.com/1036752
https://bugzilla.suse.com/1036763
https://bugzilla.suse.com/1037177
https://bugzilla.suse.com/1037186
https://bugzilla.suse.com/1037384
https://bugzilla.suse.com/1037483
https://bugzilla.suse.com/1037669
https://bugzilla.suse.com/1037840
https://bugzilla.suse.com/1037871
https://bugzilla.suse.com/1037969
https://bugzilla.suse.com/1038033
https://bugzilla.suse.com/1038043
https://bugzilla.suse.com/1038085
https://bugzilla.suse.com/1038142
https://bugzilla.suse.com/1038143
https://bugzilla.suse.com/1038297
https://bugzilla.suse.com/1038458
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038842
https://bugzilla.suse.com/1038843
https://bugzilla.suse.com/1038846
https://bugzilla.suse.com/1038847
https://bugzilla.suse.com/1038848
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039214
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039700
https://bugzilla.suse.com/1039864
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1039900
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1040125
https://bugzilla.suse.com/1040182
https://bugzilla.suse.com/1040279
https://bugzilla.suse.com/1040351
https://bugzilla.suse.com/1040364
https://bugzilla.suse.com/1040395
https://bugzilla.suse.com/1040425
https://bugzilla.suse.com/1040463
https://bugzilla.suse.com/1040567
https://bugzilla.suse.com/1040609
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1040929
https://bugzilla.suse.com/1040941
https://bugzilla.suse.com/1041087
https://bugzilla.suse.com/1041160
https://bugzilla.suse.com/1041168
https://bugzilla.suse.com/1041242
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041810
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1042356
https://bugzilla.suse.com/1042421
https://bugzilla.suse.com/1042517
https://bugzilla.suse.com/1042535
https://bugzilla.suse.com/1042536
https://bugzilla.suse.com/1042863
https://bugzilla.suse.com/1042886
https://bugzilla.suse.com/1043014
https://bugzilla.suse.com/1043231
https://bugzilla.suse.com/1043236
https://bugzilla.suse.com/1043347
https://bugzilla.suse.com/1043371
https://bugzilla.suse.com/1043467
https://bugzilla.suse.com/1043488
https://bugzilla.suse.com/1043598
https://bugzilla.suse.com/1043912
https://bugzilla.suse.com/1043935
https://bugzilla.suse.com/1043990
https://bugzilla.suse.com/1044015
https://bugzilla.suse.com/1044082
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1044532
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1044772
https://bugzilla.suse.com/1044854
https://bugzilla.suse.com/1044880
https://bugzilla.suse.com/1044912
https://bugzilla.suse.com/1045154
https://bugzilla.suse.com/1045235
https://bugzilla.suse.com/1045286
https://bugzilla.suse.com/1045307
https://bugzilla.suse.com/1045467
https://bugzilla.suse.com/1045568
https://bugzilla.suse.com/1046105
https://bugzilla.suse.com/1046434
https://bugzilla.suse.com/1046589
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/863764
https://bugzilla.suse.com/922871
https://bugzilla.suse.com/939801
https://bugzilla.suse.com/966170
https://bugzilla.suse.com/966172
https://bugzilla.suse.com/966191
https://bugzilla.suse.com/966321
https://bugzilla.suse.com/966339
https://bugzilla.suse.com/971975
https://bugzilla.suse.com/988065
https://bugzilla.suse.com/989311
https://bugzilla.suse.com/990058
https://bugzilla.suse.com/990682
https://bugzilla.suse.com/993832
https://bugzilla.suse.com/995542
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-7346.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7616.html
https://www.suse.com/security/cve/CVE-2017-7618.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9150.html
https://www.suse.com/security/cve/CVE-2017-9242.html
http://www.nessus.org/u?d03f748f

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1146=1

SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1146=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1146=1

SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1146=1

SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1146=1

SUSE Linux Enterprise High Availability 12-SP2:
zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1146=1

SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1146=1

OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1146=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
