This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
The openSUSE 13.1 kernel was updated to receive various critical
The following security bugs were fixed :
- CVE-2016-8655: A race condition in the af_packet
packet_set_ring function could be used by local
attackers to crash the kernel or gain privileges
- CVE-2016-8632: The tipc_msg_build function in
net/tipc/msg.c in the Linux kernel did not validate the
relationship between the minimum fragment length and the
maximum packet size, which allowed local users to gain
privileges or cause a denial of service (heap-based
buffer overflow) by leveraging the CAP_NET_ADMIN
- CVE-2016-9555: The sctp_sf_ootb function in
net/sctp/sm_statefuns.c in the Linux kernel lacks
chunk-length checking for the first chunk, which allowed
remote attackers to cause a denial of service
(out-of-bounds slab access) or possibly have unspecified
other impact via crafted SCTP data (bnc#1011685).
See also :
Update the affected the Linux Kernel packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true