openSUSE Security Update : the Linux Kernel (openSUSE-2015-301)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to fix various bugs and security issues.

The following security issues were fixed :

- CVE-2014-8173: A NULL pointer dereference flaw was found
in the way the Linux kernel's madvise MADV_WILLNEED
functionality handled page table locking. A local,
unprivileged user could have used this flaw to crash the
system.

- CVE-2015-1593: An integer overflow reduced the
effectiveness of the stack randomization on 64-bit
systems.

- CVE-2014-7822: A flaw was found in the way the Linux
kernel's splice() system call validated its parameters.
On certain file systems, a local, unprivileged user
could have used this flaw to write past the maximum file
size, and thus crash the system.

- CVE-2014-9419: The __switch_to function in
arch/x86/kernel/process_64.c in the Linux kernel did not
ensure that Thread Local Storage (TLS) descriptors are
loaded before proceeding with other steps, which made it
easier for local users to bypass the ASLR protection
mechanism via a crafted application that reads a TLS
base address.

- CVE-2014-8134: The paravirt_ops_setup function in
arch/x86/kernel/kvm.c in the Linux kernel used an
improper paravirt_enabled setting for KVM guest kernels,
which made it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that
reads a 16-bit value.

- CVE-2014-8160:
net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during
handling of certain iptables rule sets for the SCTP,
DCCP, GRE, and UDP-Lite protocols, which allowed remote
attackers to bypass intended access restrictions via
packets with disallowed port numbers.

- CVE-2014-9529: Race condition in the key_gc_unused_keys
function in security/keys/gc.c in the Linux kernel
allowed local users to cause a denial of service (memory
corruption or panic) or possibly have unspecified other
impact via keyctl commands that trigger access to a key
structure member during garbage collection of a key.

- CVE-2014-8559: The d_walk function in fs/dcache.c in the
Linux kernel through did not properly maintain the
semantics of rename_lock, which allowed local users to
cause a denial of service (deadlock and system hang) via
a crafted application.

- CVE-2014-9420: The rock_continue function in
fs/isofs/rock.c in the Linux kernel did not restrict the
number of Rock Ridge continuation entries, which allowed
local users to cause a denial of service (infinite loop,
and system crash or hang) via a crafted iso9660 image.

- CVE-2014-9584: The parse_rock_ridge_inode_internal
function in fs/isofs/rock.c in the Linux kernel did not
validate a length value in the Extensions Reference (ER)
System Use Field, which allowed local users to obtain
sensitive information from kernel memory via a crafted
iso9660 image.

- CVE-2014-9585: The vdso_addr function in
arch/x86/vdso/vma.c in the Linux kernel did not properly
choose memory locations for the vDSO area, which made it
easier for local users to bypass the ASLR protection
mechanism by guessing a location at the end of a PMD.

The following bugs were fixed :

- HID: usbhid: enable always-poll quirk for Elan
Touchscreen 0103 (bnc#920901).

- HID: usbhid: enable always-poll quirk for Elan
Touchscreen 016f (bnc#920901).

- HID: usbhid: enable always-poll quirk for Elan
Touchscreen 009b (bnc#920901).

- HID: usbhid: add another mouse that needs
QUIRK_ALWAYS_POLL (bnc#920901).

- HID: usbhid: fix PIXART optical mouse (bnc#920901).

- HID: usbhid: enable always-poll quirk for Elan
Touchscreen (bnc#920901).

- HID: usbhid: add always-poll quirk (bnc#920901).

- storvsc: ring buffer failures may result in I/O freeze
(bnc#914175).

- mm, vmscan: prevent kswapd livelock due to
pfmemalloc-throttled process being killed (VM
Functionality bnc#910150).

- Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

- mnt: Implicitly add MNT_NODEV on remount when it was
implicitly added by mount (bsc#907988).

- DocBook: Do not exceed argument list limit.

- DocBook: Make mandocs parallel-safe.

- mm: free compound page with correct order (bnc#913695).

- udf: Check component length before reading it.

- udf: Check path length when reading symlink.

- udf: Verify symlink size before loading it.

- udf: Verify i_size when loading inode.

- xfs: remote attribute overwrite causes transaction
overrun.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=903640
https://bugzilla.opensuse.org/show_bug.cgi?id=904899
https://bugzilla.opensuse.org/show_bug.cgi?id=907988
https://bugzilla.opensuse.org/show_bug.cgi?id=909078
https://bugzilla.opensuse.org/show_bug.cgi?id=910150
https://bugzilla.opensuse.org/show_bug.cgi?id=911325
https://bugzilla.opensuse.org/show_bug.cgi?id=911326
https://bugzilla.opensuse.org/show_bug.cgi?id=912202
https://bugzilla.opensuse.org/show_bug.cgi?id=912654
https://bugzilla.opensuse.org/show_bug.cgi?id=912705
https://bugzilla.opensuse.org/show_bug.cgi?id=913059
https://bugzilla.opensuse.org/show_bug.cgi?id=913695
https://bugzilla.opensuse.org/show_bug.cgi?id=914175
https://bugzilla.opensuse.org/show_bug.cgi?id=915322
https://bugzilla.opensuse.org/show_bug.cgi?id=917839
https://bugzilla.opensuse.org/show_bug.cgi?id=920901

Solution :

Update the affected Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
