openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to fix various bugs and security issues :

CVE-2013-0871: Race condition in the ptrace functionality in the Linux
kernel allowed local users to gain privileges via a PTRACE_SETREGS
ptrace system call in a crafted application, as demonstrated by
ptrace_death.

CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard
input timing).

CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing
code.

CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel,
when transparent huge pages are used, does not properly support
PROT_NONE memory regions, which allows local users to cause a denial
of service (system crash) via a crafted application.

CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the
Linux kernel allowed local users to bypass intended capability
restrictions by executing a crafted application as root, as
demonstrated by msr32.c.

CVE-2012-0957: The override_release function in kernel/sys.c in the
Linux kernel allowed local users to obtain sensitive information from
kernel stack memory via a uname system call in conjunction with a
UNAME26 personality.

CVE-2013-0216: The Xen netback functionality in the Linux kernel
allowed guest OS users to cause a denial of service (loop) by
triggering ring pointer corruption.

CVE-2013-0231: The pciback_enable_msi function in the PCI backend
driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for
the Linux kernel allowed guest OS users with PCI device access to
cause a denial of service via a large number of kernel log messages.
NOTE: some of these details are obtained from third-party information.

CVE-2012-4530: The load_script function in fs/binfmt_script.c in the
Linux kernel did not properly handle recursion, which allowed local
users to obtain sensitive information from kernel stack memory via a
crafted application.

CVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel
allowed local users to obtain sensitive information from a deleted
file by reading an extent that was not properly marked as
uninitialized.

CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux
kernel allowed remote attackers to cause a denial of service (DMA
descriptor consumption and network-controller outage) via crafted TCP
packets that trigger a small MSS value.

CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux
kernel provided an invalid replacement session keyring to a child
process, which allowed local users to cause a denial of service
(panic) via a crafted application that uses the fork system call.

CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the
Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD
operations, which allowed local users to cause a denial of service
(file-descriptor consumption and system crash) via a crafted
application that attempts to create a circular epoll dependency.

CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol
function in fs/udf/super.c in the Linux kernel allowed remote
attackers to cause a denial of service (system crash) or possibly have
unspecified other impact via a crafted UDF filesystem.

See also :

http://lists.opensuse.org/opensuse-updates/2013-03/msg00013.html
https://bugzilla.novell.com/show_bug.cgi?id=714906
https://bugzilla.novell.com/show_bug.cgi?id=720226
https://bugzilla.novell.com/show_bug.cgi?id=733148
https://bugzilla.novell.com/show_bug.cgi?id=755546
https://bugzilla.novell.com/show_bug.cgi?id=762693
https://bugzilla.novell.com/show_bug.cgi?id=765524
https://bugzilla.novell.com/show_bug.cgi?id=768506
https://bugzilla.novell.com/show_bug.cgi?id=769784
https://bugzilla.novell.com/show_bug.cgi?id=769896
https://bugzilla.novell.com/show_bug.cgi?id=770695
https://bugzilla.novell.com/show_bug.cgi?id=773406
https://bugzilla.novell.com/show_bug.cgi?id=773831
https://bugzilla.novell.com/show_bug.cgi?id=774285
https://bugzilla.novell.com/show_bug.cgi?id=774523
https://bugzilla.novell.com/show_bug.cgi?id=774859
https://bugzilla.novell.com/show_bug.cgi?id=776144
https://bugzilla.novell.com/show_bug.cgi?id=778630
https://bugzilla.novell.com/show_bug.cgi?id=779432
https://bugzilla.novell.com/show_bug.cgi?id=781134
https://bugzilla.novell.com/show_bug.cgi?id=783515
https://bugzilla.novell.com/show_bug.cgi?id=784192
https://bugzilla.novell.com/show_bug.cgi?id=786013
https://bugzilla.novell.com/show_bug.cgi?id=787168
https://bugzilla.novell.com/show_bug.cgi?id=792500
https://bugzilla.novell.com/show_bug.cgi?id=793671
https://bugzilla.novell.com/show_bug.cgi?id=797175
https://bugzilla.novell.com/show_bug.cgi?id=799209
https://bugzilla.novell.com/show_bug.cgi?id=800280
https://bugzilla.novell.com/show_bug.cgi?id=801178
https://bugzilla.novell.com/show_bug.cgi?id=801782
https://bugzilla.novell.com/show_bug.cgi?id=802153
https://bugzilla.novell.com/show_bug.cgi?id=802642
https://bugzilla.novell.com/show_bug.cgi?id=804154
https://bugzilla.novell.com/show_bug.cgi?id=804652
https://bugzilla.novell.com/show_bug.cgi?id=804738

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now