openSUSE Security Update : kernel (openSUSE-2012-65)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 12.1 kernel was updated to 3.1.9 to fix bugs and security
issues. The full list of changes in 3.1.9 is available here :

http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2

Following security issues have been fixed :

CVE-2011-2203: Missing NULL pointer check in hfs filesystem code

CVE-2011-4604: Fix possible kernel memory corruption if B.A.T.M.A.N.
mesh protocol is being used.

CVE-2012-0056: Local root vulnerability via writing to /proc/pid/mem

CVE-2012-0207: Remote DoS vulnerability via crafted IGMP packages.

Following non-security bug fixes have been added :

- BTRFS support has been improved with many bug fixes.

See also :

http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9
https://bugzilla.novell.com/show_bug.cgi?id=672923
https://bugzilla.novell.com/show_bug.cgi?id=679059
https://bugzilla.novell.com/show_bug.cgi?id=689860
https://bugzilla.novell.com/show_bug.cgi?id=691052
https://bugzilla.novell.com/show_bug.cgi?id=698540
https://bugzilla.novell.com/show_bug.cgi?id=699709
https://bugzilla.novell.com/show_bug.cgi?id=724616
https://bugzilla.novell.com/show_bug.cgi?id=724620
https://bugzilla.novell.com/show_bug.cgi?id=724734
https://bugzilla.novell.com/show_bug.cgi?id=726296
https://bugzilla.novell.com/show_bug.cgi?id=727348
https://bugzilla.novell.com/show_bug.cgi?id=730103
https://bugzilla.novell.com/show_bug.cgi?id=730731
https://bugzilla.novell.com/show_bug.cgi?id=731261
https://bugzilla.novell.com/show_bug.cgi?id=736149
https://bugzilla.novell.com/show_bug.cgi?id=737624
https://bugzilla.novell.com/show_bug.cgi?id=740118
https://bugzilla.novell.com/show_bug.cgi?id=742279
https://bugzilla.novell.com/show_bug.cgi?id=742322
https://bugzilla.novell.com/show_bug.cgi?id=743608

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 74767 ()

Bugtraq ID:

CVE ID: CVE-2011-2203
CVE-2011-4604
CVE-2012-0056
CVE-2012-0207

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now