openSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various
security and bugfixes.

The following security bugs were fixed :

- CVE-2017-1000251: The native Bluetooth stack in the
Linux Kernel (BlueZ) was vulnerable to a stack overflow
vulnerability in the processing of L2CAP configuration
responses resulting in Remote code execution in kernel
space (bnc#1057389).

- CVE-2017-14106: The tcp_disconnect function in
net/ipv4/tcp.c in the Linux kernel allowed local users
to cause a denial of service (__tcp_select_window
divide-by-zero error and system crash) by triggering a
disconnect within a certain tcp_recvmsg code path

- CVE-2017-11472: The acpi_ns_terminate() function in
drivers/acpi/acpica/nsutils.c in the Linux kernel did
not flush the operand cache and causes a kernel stack
dump, which allowed local users to obtain sensitive
information from kernel memory and bypass the KASLR
protection mechanism via a crafted ACPI table

The following non-security bugs were fixed :

- acpica: IORT: Update SMMU models for revision C

- acpi/nfit: Fix memory corruption/Unregister mce decoder
on failure (bsc#1057047).

- ahci: do not use MSI for devices with the silly Intel
NVMe remapping scheme (bsc#1048912).

- ahci: thunderx2: stop engine fix update (bsc#1057031).

- alsa: hda/realtek - Add support headphone Mic for ALC221
of HP platform (bsc#1024405).

- arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT

- arm64: PCI: Fix struct acpi_pci_root_ops allocation
failure path (bsc#1056849).

- arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT

- blacklist.conf: gcc7 compiler warning (bsc#1056849)

- bnxt: add a missing rcu synchronization (bnc#1038583).

- bnxt: do not busy-poll when link is down (bnc#1038583).

- bnxt_en: Enable MRU enables bit when configuring VNIC
MRU (bnc#1038583).

- bnxt_en: Fix and clarify link_info->advertising

- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in a failure path
during open (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in reopen failure
path (bnc#1038583).

- bnxt_en: fix pci cleanup in bnxt_init_one() failure path

- bnxt_en: Fix ring arithmetic in bnxt_setup_tc()

- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

- bnxt_en: Fix 'uninitialized variable' bug in TPA code
path (bnc#1038583).

- bnxt_en: Fix VF virtual link state (bnc#1038583).

- bnxt_en: initialize rc to zero to avoid returning
garbage (bnc#1038583).

- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

- bnxt_en: Refactor TPA code path (bnc#1038583).

- ceph: fix readpage from fscache (bsc#1057015).

- cifs: add build_path_from_dentry_optional_prefix()

- cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).

- cifs: Fix sparse warnings (fate#323482).

- cifs: implement get_dfs_refer for SMB2+ (fate#323482).

- cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).

- cifs: move DFS response parsing out of SMB1 code

- cifs: remove any preceding delimiter from prefix_path

- cifs: set signing flag in SMB2+ TreeConnect if needed

- cifs: use DFS pathnames in SMB2+ Create requests

- cpufreq: intel_pstate: Disable energy efficiency
optimization (bsc#1054654).

- cxgb4: Fix stack out-of-bounds read due to wrong size to
t4_record_mbox() (bsc#1021424 bsc#1022743).

- device-dax: fix cdev leak (bsc#1057047).

- dmaengine: mv_xor_v2: do not use descriptors not acked
by async_tx (bsc#1056849).

- dmaengine: mv_xor_v2: enable XOR engine after its
configuration (bsc#1056849).

- dmaengine: mv_xor_v2: fix tx_submit() implementation

- dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc()
error properly (bsc#1056849).

- dmaengine: mv_xor_v2: properly handle wrapping in the
array of HW descriptors (bsc#1056849).

- dmaengine: mv_xor_v2: remove interrupt coalescing

- dmaengine: mv_xor_v2: set DMA mask to 40 bits

- drivers: base: cacheinfo: fix boot error message when
acpi is enabled (bsc#1057849).

- edac, thunderx: Fix a warning during l2c debugfs node
creation (bsc#1057038).

- edac, thunderx: Fix error handling path in
thunderx_lmc_probe() (bsc#1057038).

- fs/proc: kcore: use kcore_list type to check for
vmalloc/module address (bsc#1046529).

- gfs2: Do not clear SGID when inheriting ACLs

- ib/hns: checking for IS_ERR() instead of NULL

- ibmvnic: Clean up resources on probe failure
(fate#323285, bsc#1058116).

- ib/rxe: Add dst_clone() in prepare_ipv6_hdr()

- ib/rxe: Avoid ICRC errors by copying into the skb first

- ib/rxe: Disable completion upcalls when a CQ is
destroyed (bsc#1049361).

- ib/rxe: Fix destination cache for IPv6 (bsc#1049361).

- ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).

- ib/rxe: Fix up the responder's find_resources() function

- ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).

- ib/rxe: Move refcounting earlier in rxe_send()

- ib/rxe: Remove dangling prototype (bsc#1049361).

- ib/rxe: Remove unneeded initialization in prepare6()

- ib/rxe: Set dma_mask and coherent_dma_mask

- iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3
IORT model number definitions (bsc#1036060).

- iommu/arm-smmu-v3: Increase CMDQ drain timeout value
(bsc#1035479). Refresh patch to mainline version

- irqchip/gic-v3-its: Fix command buffer allocation

- iwlwifi: mvm: do not send CTDP commands via debugfs if
not supported (bsc#1031717).

- kernel/*: switch to memdup_user_nul() (bsc#1048893).

- lightnvm: remove unused rq parameter of
nvme_nvm_rqtocmd() to kill warning (FATE#319466).

- md/raid5: fix a race condition in stripe batch

- mmc: sdhci-xenon: add set_power callback (bsc#1057035).

- mmc: sdhci-xenon: Fix the work flow in xenon_remove()

- mm/page_alloc.c: apply gfp_allowed_mask before the first
allocation attempt (bnc#971975 VM -- git fixes).

- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected
huge vmap mappings (bsc#1046529).

- new helper: memdup_user_nul() (bsc#1048893).

- nfs: flush data when locking a file to ensure cache
coherence for mmap (bsc#981309).

- pci: rockchip: Handle regulator_get_current_limit()
failure correctly (bsc#1056849).

- pci: rockchip: Use normal register bank for config
accessors (bsc#1056849).

- pm / Domains: Fix unsafe iteration over modified list of
domains (bsc#1056849).

- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

- scsi: hisi_sas: add missing break in switch statement

- sysctl: fix lax sysctl_check_table() sanity check

- sysctl: fold sysctl_writes_strict checks into helper

- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

- sysctl: simplify unsigned int support (bsc#1048893).

- ubifs: Correctly evict xattr inodes (bsc#1012829).

- ubifs: Do not leak kernel memory to the MTD

- xfs: fix inobt inode allocation search optimization

See also :

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 8.3

Family: SuSE Local Security Checks

Nessus Plugin ID: 103288 ()

Bugtraq ID:

CVE ID: CVE-2017-1000251

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now