SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2005-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for the Linux Kernel 3.12.48-52_27 fixes several issues.
The following security bugs were fixed :

- CVE-2016-4470: The key_reject_and_link function in
security/keys/key.c in the Linux kernel did not ensure
that a certain data structure is initialized, which
allowed local users to cause a denial of service (system
crash) via vectors involving a crafted keyctl request2
command (bsc#984764).

- CVE-2016-1583: The ecryptfs_privileged_open function in
fs/ecryptfs/kthread.c in the Linux kernel allowed local
users to gain privileges or cause a denial of service
(stack memory consumption) via vectors involving crafted
mmap calls for /proc pathnames, leading to recursive
pagefault handling (bsc#983144).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the
Linux kernel incorrectly relied on the write system
call, which allowed local users to cause a denial of
service (kernel memory write operation) or possibly have
unspecified other impact via a uAPI interface
(bsc#980883).

- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in
the Linux kernel allowed local users to gain privileges
via crafted ASN.1 data (bsc#980856).

- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec
function in net/core/datagram.c in the Linux kernel did
not accept a length argument, which allowed local users
to cause a denial of service (memory corruption) or
possibly have unspecified other impact via a write
system call followed by a recvmsg system call
(bsc#979078).

- CVE-2016-2053: The asn1_ber_decoder function in
lib/asn1_decoder.c in the Linux kernel allowed attackers
to cause a denial of service (panic) via an ASN.1 BER
file that lacks a public key, leading to mishandling by
the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bsc#979074).

- CVE-2015-8816: The hub_activate function in
drivers/usb/core/hub.c in the Linux kernel did not
properly maintain a hub-interface data structure, which
allowed physically proximate attackers to cause a denial
of service (invalid memory access and system crash) or
possibly have unspecified other impact by unplugging a
USB hub device (bsc#979064).

- CVE-2016-3134: The netfilter subsystem in the Linux
kernel did not validate certain offset fields, which
allowed local users to gain privileges or cause a denial
of service (heap memory corruption) via an
IPT_SO_SET_REPLACE setsockopt call (bsc#971793).

- CVE-2013-7446: Use-after-free vulnerability in
net/unix/af_unix.c in the Linux kernel allowed local
users to bypass intended AF_UNIX socket permissions or
cause a denial of service (panic) via crafted epoll_ctl
calls (bsc#973570, bsc#955837).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/955837
https://bugzilla.suse.com/971793
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/979064
https://bugzilla.suse.com/979074
https://bugzilla.suse.com/979078
https://bugzilla.suse.com/980856
https://bugzilla.suse.com/980883
https://bugzilla.suse.com/983144
https://bugzilla.suse.com/984764
https://www.suse.com/security/cve/CVE-2013-7446.html
https://www.suse.com/security/cve/CVE-2015-8019.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-0758.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2053.html
https://www.suse.com/security/cve/CVE-2016-3134.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4565.html
http://www.nessus.org/u?8e75fd59

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2016-1176=1

SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2016-1176=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 93277 ()

Bugtraq ID:

CVE ID: CVE-2013-7446
CVE-2015-8019
CVE-2015-8816
CVE-2016-0758
CVE-2016-1583
CVE-2016-2053
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now