openSUSE Security Update : the Linux Kernel (openSUSE-2017-929)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.2 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

- CVE-2017-1000111: Fixed a race condition in net-packet
code that could be exploited to cause out-of-bounds
memory access (bsc#1052365).

- CVE-2017-1000112: Fixed a race condition in net-packet
code that could have been exploited by unprivileged
users to gain root access. (bsc#1052311).

- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds array access) or possibly have
unspecified other impact by changing a certain
sequence-number value, aka a 'double fetch'
vulnerability (bnc#1037994).

The following non-security bugs were fixed :

- IB/hfi1: Wait for QSFP modules to initialize

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode

- block: do not allow updates through sysfs until
registration completes (bsc#1047027).

- ibmvnic: Check for transport event on driver resume
(bsc#1051556, bsc#1052709).

- ibmvnic: Initialize SCRQ's during login renegotiation

- ibmvnic: Report rx buffer return codes as netdev_dbg

- iommu/amd: Fix schedule-while-atomic BUG in
initialization code (bsc1052533).

- libnvdimm, pmem: fix a NULL pointer BUG in
nd_pmem_notify (bsc#1023175).

- libnvdimm: fix badblock range handling of ARS range

- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773,

- scsi_devinfo: fixup string compare (bsc#1037404).

- scsi_dh_alua: suppress errors from unsupported devices

- vfs: fix missing inode_get_dev sites (bsc#1052049).

- x86/dmi: Switch dmi_remap() from ioremap() to
ioremap_cache() (bsc#1051399).

See also :

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 102509 ()

Bugtraq ID:

CVE ID: CVE-2017-1000111

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now