SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bug fixes. The following security bugs were fixed :

- CVE-2016-5829: Multiple heap-based buffer overflows in
the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel allowed
local users to cause a denial of service or possibly
have unspecified other impact via a crafted (1)
HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(bnc#986572).

- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt
implementation in the netfilter subsystem in the Linux
kernel allowed local users to gain privileges or cause a
denial of service (memory corruption) by leveraging
in-container root access to provide a crafted offset
value that triggers an unintended decrement
(bnc#986362).

- CVE-2016-4470: The key_reject_and_link function in
security/keys/key.c in the Linux kernel did not ensure
that a certain data structure is initialized, which
allowed local users to cause a denial of service (system
crash) via vectors involving a crafted keyctl request2
command (bnc#984755).

The following non-security bugs were fixed :

- RDMA/cxgb4: Configure 0B MRs to match HW implementation
(bsc#909589).

- RDMA/cxgb4: Do not hang threads forever waiting on WR
replies (bsc#909589).

- RDMA/cxgb4: Fix locking issue in process_mpa_request
(bsc#909589).

- RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589).

- RDMA/cxgb4: Increase epd buff size for debug interface
(bsc#909589).

- RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices
(bsc#909589).

- RDMA/cxgb4: Serialize CQ event upcalls with CQ
destruction (bsc#909589).

- RDMA/cxgb4: Wake up waiters after flushing the qp
(bsc#909589).

- bridge: superfluous skb->nfct check in
br_nf_dev_queue_xmit (bsc#982544).

- iucv: call skb_linearize() when needed (bnc#979915,
LTC#141240).

- kabi: prevent spurious modversion changes after
bsc#982544 fix (bsc#982544).

- mm/swap.c: flush lru pvecs on compound page arrival
(bnc#983721).

- mm: Fix DIF failures on ext3 filesystems (bsc#971030).

- net/qlge: Avoids recursive EEH error (bsc#954847).

- netfilter: bridge: Use __in6_dev_get rather than
in6_dev_get in br_validate_ipv6 (bsc#982544).

- netfilter: bridge: do not leak skb in error paths
(bsc#982544).

- netfilter: bridge: forward IPv6 fragmented packets
(bsc#982544).

- qeth: delete napi struct when removing a qeth device
(bnc#979915, LTC#143590).

- s390/mm: fix asce_bits handling with dynamic pagetable
levels (bnc#979915, LTC#141456).

- s390/pci: fix use after free in dma_init (bnc#979915,
LTC#141626).

- s390: fix test_fp_ctl inline assembly constraints
(bnc#979915, LTC#143138).

- sched/cputime: Fix clock_nanosleep()/clock_gettime()
inconsistency (bnc#988498).

- sched/cputime: Fix cpu_timer_sample_group() double
accounting (bnc#988498).

- sched: Provide update_curr callbacks for stop/idle
scheduling classes (bnc#988498).

- x86/mm/pat, /dev/mem: Remove superfluous error message
(bsc#974620).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/909589
https://bugzilla.suse.com/954847
https://bugzilla.suse.com/971030
https://bugzilla.suse.com/974620
https://bugzilla.suse.com/979915
https://bugzilla.suse.com/982544
https://bugzilla.suse.com/983721
https://bugzilla.suse.com/984755
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986572
https://bugzilla.suse.com/988498
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-5829.html
http://www.nessus.org/u?e3a87dfc

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-kernel-12685=1

SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-kernel-12685=1

SUSE Linux Enterprise Server 11-EXTRA:
zypper in -t patch slexsp3-kernel-12685=1

SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-kernel-12685=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 93284

CVE ID: CVE-2016-4470
CVE-2016-4997
CVE-2016-5829
