openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various
security and bugfixes.

The following security bugs were fixed :

- CVE-2017-1000251: The native Bluetooth stack in the
Linux Kernel (BlueZ) was vulnerable to a stack overflow
vulnerability in the processing of L2CAP configuration
responses resulting in Remote code execution in kernel
space (bnc#1057389).

- CVE-2017-14106: The tcp_disconnect function in
net/ipv4/tcp.c in the Linux kernel allowed local users
to cause a denial of service (__tcp_select_window
divide-by-zero error and system crash) by triggering a
disconnect within a certain tcp_recvmsg code path

- CVE-2017-11472: The acpi_ns_terminate() function in
drivers/acpi/acpica/nsutils.c in the Linux kernel did
not flush the operand cache and causes a kernel stack
dump, which allowed local users to obtain sensitive
information from kernel memory and bypass the KASLR
protection mechanism (in the kernel through 4.9) via a
crafted ACPI table (bnc#1049580).

- CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
allowed local users to cause a denial of service (memory
corruption and system crash) by leveraging root access

- CVE-2017-12134: The xen_biovec_phys_mergeable function
in drivers/xen/biomerge.c in Xen might allow local OS
guest users to corrupt block device data streams and
consequently obtain sensitive memory information, cause
a denial of service, or gain host OS privileges by
leveraging incorrect block IO merge-ability calculation
(bnc#1051790 1053919).

The following non-security bugs were fixed :

- acpi / scan: Prefer devices without _HID for _ADR
matching (git-fixes).

- alsa: hda - Add stereo mic quirk for Lenovo G50-70
(17aa:3978) (bsc#1020657).

- alsa: hda - Implement mic-mute LED mode enum

- alsa: hda/realtek - Add support headphone Mic for ALC221
of HP platform (bsc#1024405).

- alsa: ice1712: Add support for STAudio ADCIII

- alsa: usb-audio: Apply sample rate quirk to Sennheiser
headset (bsc#1052580).

- Add 'shutdown' to 'struct class' (bsc#1053117).

- bluetooth: bnep: fix possible might sleep error in
bnep_session (bsc#1031784).

- bluetooth: cmtp: fix possible might sleep error in
cmtp_session (bsc#1031784).

- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).

- nfs: flush data when locking a file to ensure cache
coherence for mmap (bsc#981309).

- Revert '/proc/iomem: only expose physical resource
addresses to privileged users' (kabi).

- Revert 'Make file credentials available to the seqfile
interfaces' (kabi).

- usb: core: fix device node leak (bsc#1047487).

- Update
trusted.patch (bsc#1020645, fate#321435, fate#321507,
fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).

- bnxt: add a missing rcu synchronization (bnc#1038583).

- bnxt: do not busy-poll when link is down (bnc#1038583).

- bnxt_en: Enable MRU enables bit when configuring VNIC
MRU (bnc#1038583).

- bnxt_en: Fix 'uninitialized variable' bug in TPA code
path (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in a failure path
during open (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in reopen failure
path (bnc#1038583).

- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

- bnxt_en: Fix VF virtual link state (bnc#1038583).

- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

- bnxt_en: Fix and clarify link_info->advertising

- bnxt_en: Fix ring arithmetic in bnxt_setup_tc()

- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

- bnxt_en: Refactor TPA code path (bnc#1038583).

- bnxt_en: fix pci cleanup in bnxt_init_one() failure path

- bnxt_en: initialize rc to zero to avoid returning
garbage (bnc#1038583).

- ceph: fix readpage from fscache (bsc#1057015).

- cxgb4: Fix stack out-of-bounds read due to wrong size to
t4_record_mbox() (bsc#1021424 bsc#1022743).

- drivers: net: xgene: Fix wrong logical operation

- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K

- fuse: initialize the flock flag in fuse_file on
allocation (git-fixes).

- gfs2: Do not clear SGID when inheriting ACLs

- ibmvnic: Clean up resources on probe failure
(fate#323285, bsc#1058116).

- iwlwifi: missing error code in iwl_trans_pcie_alloc()

- iwlwifi: mvm: do not send CTDP commands via debugfs if
not supported (bsc#1031717).

- kernel/*: switch to memdup_user_nul() (bsc#1048893).

- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).

- lib: test_rhashtable: fix for large entry counts

- lightnvm: remove unused rq parameter of
nvme_nvm_rqtocmd() to kill warning (FATE#319466).

- md/raid5: fix a race condition in stripe batch

- mm, madvise: ensure poisoned pages are removed from
per-cpu lists (VM hw poison -- git fixes).

- mm/page_alloc.c: apply gfp_allowed_mask before the first
allocation attempt (bnc#971975 VM -- git fixes).

- mptsas: Fixup device hotplug for VMware ESXi

- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).

- netfilter: x_tables: pack percpu counter allocations

- netfilter: x_tables: pass xt_counters struct instead of
packet counter (bsc#1052888).

- netfilter: x_tables: pass xt_counters struct to counter
allocator (bsc#1052888).

- new helper: memdup_user_nul() (bsc#1048893).

- of: fix '/cpus' reference leak in
of_numa_parse_cpu_nodes() (bsc#1056827).

- ovl: fix dentry leak for default_permissions

- percpu_ref: allow operation mode switching operations to
be called concurrently (bsc#1055096).

- percpu_ref: remove unnecessary RCU grace period for
staggered atomic switching confirmation (bsc#1055096).

- percpu_ref: reorganize __percpu_ref_switch_to_atomic()
and relocate percpu_ref_switch_to_atomic()

- percpu_ref: restructure operation mode switching

- percpu_ref: unify staggered atomic switching wait
behavior (bsc#1055096).

- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

- s390: export symbols for crash-kmp (bsc#1053915).

- supported.conf: clear mistaken external support flag for
cifs.ko (bsc#1053802).

- sysctl: fix lax sysctl_check_table() sanity check

- sysctl: fold sysctl_writes_strict checks into helper

- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

- sysctl: simplify unsigned int support (bsc#1048893).

- tpm: Issue a TPM2_Shutdown for TPM2 devices

- tpm: KABI fix (bsc#1053117).

- tpm: fix: return rc when devm_add_action() fails
(bsc#1020645, fate#321435, fate#321507, fate#321600,
bsc#1034048, git-fixes 8e0ee3c9faed).

- tpm: read burstcount from TPM_STS in one 32-bit
transaction (bsc#1020645, fate#321435, fate#321507,
fate#321600, bsc#1034048, git-fixes 27084efee0c3).

- tpm_tis_core: Choose appropriate timeout for reading
burstcount (bsc#1020645, fate#321435, fate#321507,
fate#321600, bsc#1034048, git-fixes aec04cbdf723).

- tpm_tis_core: convert max timeouts from msec to jiffies
(bsc#1020645, fate#321435, fate#321507, fate#321600,
bsc#1034048, git-fixes aec04cbdf723).

- tty: serial: msm: Support more bauds (git-fixes).

- ubifs: Correctly evict xattr inodes (bsc#1012829).

- ubifs: Do not leak kernel memory to the MTD

- xfs: fix inobt inode allocation search optimization

See also :

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 8.3

Family: SuSE Local Security Checks

Nessus Plugin ID: 103287 ()

Bugtraq ID:

CVE ID: CVE-2017-1000251

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now