openSUSE Security Update : the Linux Kernel (openSUSE-2017-286)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various
security and bugfixes.

The following security bugs were fixed :

- CVE-2017-5986: A userlevel triggerable BUG_ON on
sctp_wait_for_sndbuf was fixed. (bsc#1025235)

- CVE-2017-5970: The ipv4_pktinfo_prepare function in
net/ipv4/ip_sockglue.c in the Linux kernel allowed
attackers to cause a denial of service (system crash)
via (1) an application that made crafted system calls or
possibly (2) IPv4 traffic with invalid IP options
(bnc#1024938).

- CVE-2017-5897: A potential remote denial of service
within the IPv6 GRE protocol was fixed. (bsc#1023762)

- CVE-2017-6074: The dccp_rcv_state_process function in
net/dccp/input.c in the Linux kernel mishandled
DCCP_PKT_REQUEST packet data structures in the LISTEN
state, which allowed local users to cause a denial of
service (invalid free) or possibly have unspecified
other impact via an application that makes an
IPV6_RECVPKTINFO setsockopt system call. (bsc#1026024).

The following non-security bugs were fixed :

- btrfs: fix btrfs_compat_ioctl failures on non-compat
ioctls (bsc#1018100).

- iwlwifi: Expose the default fallback ucode API to module
info (boo#1021082, boo#1023884).

- kabi: protect struct tcp_fastopen_cookie (kabi).

- md: ensure md devices are freed before module is
unloaded (bsc#1022304).

- md: Fix a regression reported by bsc#1020048 in
patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.
patch (bsc#982783,bsc#998106,bsc#1020048).

- net: ethtool: Initialize buffer when querying device
channel settings (bsc#969479 FATE#320634).

- net: implement netif_cond_dbg macro (bsc#1019168).

- sfc: reduce severity of PIO buffer alloc failures
(bsc#1019168).

- sfc: refactor debug-or-warnings printks (bsc#1019168).

- xfs_dmapi: fix the debug compilation of xfs_dmapi
(bsc#989056).

- xfs: do not allow di_size with high bit set
(bsc#1024234).

- xfs: exclude never-released buffers from buftarg I/O
accounting (bsc#1024508).

- xfs: fix broken multi-fsb buffer logging (bsc#1024081).

- xfs: fix buffer overflow
dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).

- xfs: fix up xfs_swap_extent_forks inline extent handling
(bsc#1023888).

- xfs: track and serialize in-flight async buffers against
unmount (bsc#1024508).

- xfs: track and serialize in-flight async buffers against
unmount - kABI (bsc#1024508).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1012382
https://bugzilla.opensuse.org/show_bug.cgi?id=1018100
https://bugzilla.opensuse.org/show_bug.cgi?id=1019168
https://bugzilla.opensuse.org/show_bug.cgi?id=1020048
https://bugzilla.opensuse.org/show_bug.cgi?id=1021082
https://bugzilla.opensuse.org/show_bug.cgi?id=1022181
https://bugzilla.opensuse.org/show_bug.cgi?id=1022304
https://bugzilla.opensuse.org/show_bug.cgi?id=1023762
https://bugzilla.opensuse.org/show_bug.cgi?id=1023884
https://bugzilla.opensuse.org/show_bug.cgi?id=1023888
https://bugzilla.opensuse.org/show_bug.cgi?id=1024081
https://bugzilla.opensuse.org/show_bug.cgi?id=1024234
https://bugzilla.opensuse.org/show_bug.cgi?id=1024508
https://bugzilla.opensuse.org/show_bug.cgi?id=1024938
https://bugzilla.opensuse.org/show_bug.cgi?id=1025235
https://bugzilla.opensuse.org/show_bug.cgi?id=1026024
https://bugzilla.opensuse.org/show_bug.cgi?id=969479
https://bugzilla.opensuse.org/show_bug.cgi?id=982783
https://bugzilla.opensuse.org/show_bug.cgi?id=989056
https://bugzilla.opensuse.org/show_bug.cgi?id=998106

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 97366 ()

Bugtraq ID:

CVE ID: CVE-2017-5897
CVE-2017-5970
CVE-2017-5986
CVE-2017-6074

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now