SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)

High Nessus Plugin ID 101762

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354).

- CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).

- CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796).

- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431).

- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).

- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).

- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).

- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).

- CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
(bsc#1038982)

- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
(bsc#1038981)

- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).

- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544).

- CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279).

- CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).

- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1146=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1146=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1146=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1146=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1146=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1146=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1146=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1146=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1003581

https://bugzilla.suse.com/show_bug.cgi?id=1004003

https://bugzilla.suse.com/show_bug.cgi?id=1011044

https://bugzilla.suse.com/show_bug.cgi?id=1012060

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012422

https://bugzilla.suse.com/show_bug.cgi?id=1012452

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1012910

https://bugzilla.suse.com/show_bug.cgi?id=1012985

https://bugzilla.suse.com/show_bug.cgi?id=1013561

https://bugzilla.suse.com/show_bug.cgi?id=1013887

https://bugzilla.suse.com/show_bug.cgi?id=1015342

https://bugzilla.suse.com/show_bug.cgi?id=1015452

https://bugzilla.suse.com/show_bug.cgi?id=1017461

https://bugzilla.suse.com/show_bug.cgi?id=1018885

https://bugzilla.suse.com/show_bug.cgi?id=1020412

https://bugzilla.suse.com/show_bug.cgi?id=1021424

https://bugzilla.suse.com/show_bug.cgi?id=1022266

https://bugzilla.suse.com/show_bug.cgi?id=1022595

https://bugzilla.suse.com/show_bug.cgi?id=1023287

https://bugzilla.suse.com/show_bug.cgi?id=1025461

https://bugzilla.suse.com/show_bug.cgi?id=1026570

https://bugzilla.suse.com/show_bug.cgi?id=1027101

https://bugzilla.suse.com/show_bug.cgi?id=1027512

https://bugzilla.suse.com/show_bug.cgi?id=1027974

https://bugzilla.suse.com/show_bug.cgi?id=1028217

https://bugzilla.suse.com/show_bug.cgi?id=1028310

https://bugzilla.suse.com/show_bug.cgi?id=1028340

https://bugzilla.suse.com/show_bug.cgi?id=1028883

https://bugzilla.suse.com/show_bug.cgi?id=1029607

https://bugzilla.suse.com/show_bug.cgi?id=1030057

https://bugzilla.suse.com/show_bug.cgi?id=1030070

https://bugzilla.suse.com/show_bug.cgi?id=1031040

https://bugzilla.suse.com/show_bug.cgi?id=1031142

https://bugzilla.suse.com/show_bug.cgi?id=1031147

https://bugzilla.suse.com/show_bug.cgi?id=1031470

https://bugzilla.suse.com/show_bug.cgi?id=1031500

https://bugzilla.suse.com/show_bug.cgi?id=1031512

https://bugzilla.suse.com/show_bug.cgi?id=1031555

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1031796

https://bugzilla.suse.com/show_bug.cgi?id=1032141

https://bugzilla.suse.com/show_bug.cgi?id=1032339

https://bugzilla.suse.com/show_bug.cgi?id=1032345

https://bugzilla.suse.com/show_bug.cgi?id=1032400

https://bugzilla.suse.com/show_bug.cgi?id=1032581

https://bugzilla.suse.com/show_bug.cgi?id=1032803

https://bugzilla.suse.com/show_bug.cgi?id=1033117

https://bugzilla.suse.com/show_bug.cgi?id=1033281

https://bugzilla.suse.com/show_bug.cgi?id=1033336

https://bugzilla.suse.com/show_bug.cgi?id=1033340

https://bugzilla.suse.com/show_bug.cgi?id=1033885

https://bugzilla.suse.com/show_bug.cgi?id=1034048

https://bugzilla.suse.com/show_bug.cgi?id=1034419

https://bugzilla.suse.com/show_bug.cgi?id=1034635

https://bugzilla.suse.com/show_bug.cgi?id=1034670

https://bugzilla.suse.com/show_bug.cgi?id=1034671

https://bugzilla.suse.com/show_bug.cgi?id=1034762

https://bugzilla.suse.com/show_bug.cgi?id=1034902

https://bugzilla.suse.com/show_bug.cgi?id=1034995

https://bugzilla.suse.com/show_bug.cgi?id=1035024

https://bugzilla.suse.com/show_bug.cgi?id=1035866

https://bugzilla.suse.com/show_bug.cgi?id=1035887

https://bugzilla.suse.com/show_bug.cgi?id=1035920

https://bugzilla.suse.com/show_bug.cgi?id=1035922

https://bugzilla.suse.com/show_bug.cgi?id=1036214

https://bugzilla.suse.com/show_bug.cgi?id=1036638

https://bugzilla.suse.com/show_bug.cgi?id=1036752

https://bugzilla.suse.com/show_bug.cgi?id=1036763

https://bugzilla.suse.com/show_bug.cgi?id=1037177

https://bugzilla.suse.com/show_bug.cgi?id=1037186

https://bugzilla.suse.com/show_bug.cgi?id=1037384

https://bugzilla.suse.com/show_bug.cgi?id=1037483

https://bugzilla.suse.com/show_bug.cgi?id=1037669

https://bugzilla.suse.com/show_bug.cgi?id=1037840

https://bugzilla.suse.com/show_bug.cgi?id=1037871

https://bugzilla.suse.com/show_bug.cgi?id=1037969

https://bugzilla.suse.com/show_bug.cgi?id=1038033

https://bugzilla.suse.com/show_bug.cgi?id=1038043

https://bugzilla.suse.com/show_bug.cgi?id=1038085

https://bugzilla.suse.com/show_bug.cgi?id=1038142

https://bugzilla.suse.com/show_bug.cgi?id=1038143

https://bugzilla.suse.com/show_bug.cgi?id=1038297

https://bugzilla.suse.com/show_bug.cgi?id=1038458

https://bugzilla.suse.com/show_bug.cgi?id=1038544

https://bugzilla.suse.com/show_bug.cgi?id=1038842

https://bugzilla.suse.com/show_bug.cgi?id=1038843

https://bugzilla.suse.com/show_bug.cgi?id=1038846

https://bugzilla.suse.com/show_bug.cgi?id=1038847

https://bugzilla.suse.com/show_bug.cgi?id=1038848

https://bugzilla.suse.com/show_bug.cgi?id=1038879

https://bugzilla.suse.com/show_bug.cgi?id=1038981

https://bugzilla.suse.com/show_bug.cgi?id=1038982

https://bugzilla.suse.com/show_bug.cgi?id=1039214

https://bugzilla.suse.com/show_bug.cgi?id=1039348

https://bugzilla.suse.com/show_bug.cgi?id=1039354

https://bugzilla.suse.com/show_bug.cgi?id=1039700

https://bugzilla.suse.com/show_bug.cgi?id=1039864

https://bugzilla.suse.com/show_bug.cgi?id=1039882

https://bugzilla.suse.com/show_bug.cgi?id=1039883

https://bugzilla.suse.com/show_bug.cgi?id=1039885

https://bugzilla.suse.com/show_bug.cgi?id=1039900

https://bugzilla.suse.com/show_bug.cgi?id=1040069

https://bugzilla.suse.com/show_bug.cgi?id=1040125

https://bugzilla.suse.com/show_bug.cgi?id=1040182

https://bugzilla.suse.com/show_bug.cgi?id=1040279

https://bugzilla.suse.com/show_bug.cgi?id=1040351

https://bugzilla.suse.com/show_bug.cgi?id=1040364

https://bugzilla.suse.com/show_bug.cgi?id=1040395

https://bugzilla.suse.com/show_bug.cgi?id=1040425

https://bugzilla.suse.com/show_bug.cgi?id=1040463

https://bugzilla.suse.com/show_bug.cgi?id=1040567

https://bugzilla.suse.com/show_bug.cgi?id=1040609

https://bugzilla.suse.com/show_bug.cgi?id=1040855

https://bugzilla.suse.com/show_bug.cgi?id=1040929

https://bugzilla.suse.com/show_bug.cgi?id=1040941

https://bugzilla.suse.com/show_bug.cgi?id=1041087

https://bugzilla.suse.com/show_bug.cgi?id=1041160

https://bugzilla.suse.com/show_bug.cgi?id=1041168

https://bugzilla.suse.com/show_bug.cgi?id=1041242

https://bugzilla.suse.com/show_bug.cgi?id=1041431

https://bugzilla.suse.com/show_bug.cgi?id=1041810

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1042356

https://bugzilla.suse.com/show_bug.cgi?id=1042421

https://bugzilla.suse.com/show_bug.cgi?id=1042517

https://bugzilla.suse.com/show_bug.cgi?id=1042535

https://bugzilla.suse.com/show_bug.cgi?id=1042536

https://bugzilla.suse.com/show_bug.cgi?id=1042863

https://bugzilla.suse.com/show_bug.cgi?id=1042886

https://bugzilla.suse.com/show_bug.cgi?id=1043014

https://bugzilla.suse.com/show_bug.cgi?id=1043231

https://bugzilla.suse.com/show_bug.cgi?id=1043236

https://bugzilla.suse.com/show_bug.cgi?id=1043347

https://bugzilla.suse.com/show_bug.cgi?id=1043371

https://bugzilla.suse.com/show_bug.cgi?id=1043467

https://bugzilla.suse.com/show_bug.cgi?id=1043488

https://bugzilla.suse.com/show_bug.cgi?id=1043598

https://bugzilla.suse.com/show_bug.cgi?id=1043912

https://bugzilla.suse.com/show_bug.cgi?id=1043935

https://bugzilla.suse.com/show_bug.cgi?id=1043990

https://bugzilla.suse.com/show_bug.cgi?id=1044015

https://bugzilla.suse.com/show_bug.cgi?id=1044082

https://bugzilla.suse.com/show_bug.cgi?id=1044120

https://bugzilla.suse.com/show_bug.cgi?id=1044125

https://bugzilla.suse.com/show_bug.cgi?id=1044532

https://bugzilla.suse.com/show_bug.cgi?id=1044767

https://bugzilla.suse.com/show_bug.cgi?id=1044772

https://bugzilla.suse.com/show_bug.cgi?id=1044854

https://bugzilla.suse.com/show_bug.cgi?id=1044880

https://bugzilla.suse.com/show_bug.cgi?id=1044912

https://bugzilla.suse.com/show_bug.cgi?id=1045154

https://bugzilla.suse.com/show_bug.cgi?id=1045235

https://bugzilla.suse.com/show_bug.cgi?id=1045286

https://bugzilla.suse.com/show_bug.cgi?id=1045307

https://bugzilla.suse.com/show_bug.cgi?id=1045467

https://bugzilla.suse.com/show_bug.cgi?id=1045568

https://bugzilla.suse.com/show_bug.cgi?id=1046105

https://bugzilla.suse.com/show_bug.cgi?id=1046434

https://bugzilla.suse.com/show_bug.cgi?id=1046589

https://bugzilla.suse.com/show_bug.cgi?id=799133

https://bugzilla.suse.com/show_bug.cgi?id=863764

https://bugzilla.suse.com/show_bug.cgi?id=922871

https://bugzilla.suse.com/show_bug.cgi?id=939801

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=966191

https://bugzilla.suse.com/show_bug.cgi?id=966321

https://bugzilla.suse.com/show_bug.cgi?id=966339

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=988065

https://bugzilla.suse.com/show_bug.cgi?id=989311

https://bugzilla.suse.com/show_bug.cgi?id=990058

https://bugzilla.suse.com/show_bug.cgi?id=990682

https://bugzilla.suse.com/show_bug.cgi?id=993832

https://bugzilla.suse.com/show_bug.cgi?id=995542

https://www.suse.com/security/cve/CVE-2017-1000365/

https://www.suse.com/security/cve/CVE-2017-1000380/

https://www.suse.com/security/cve/CVE-2017-7346/

https://www.suse.com/security/cve/CVE-2017-7487/

https://www.suse.com/security/cve/CVE-2017-7616/

https://www.suse.com/security/cve/CVE-2017-7618/

https://www.suse.com/security/cve/CVE-2017-8890/

https://www.suse.com/security/cve/CVE-2017-8924/

https://www.suse.com/security/cve/CVE-2017-8925/

https://www.suse.com/security/cve/CVE-2017-9074/

https://www.suse.com/security/cve/CVE-2017-9075/

https://www.suse.com/security/cve/CVE-2017-9076/

https://www.suse.com/security/cve/CVE-2017-9077/

https://www.suse.com/security/cve/CVE-2017-9150/

https://www.suse.com/security/cve/CVE-2017-9242/

http://www.nessus.org/u?6e55dfeb

Plugin Details

Severity: High

ID: 101762

File Name: suse_SU-2017-1853-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2017/07/17

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/07/13

Reference Information

CVE: CVE-2017-1000365, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7487, CVE-2017-7616, CVE-2017-7618, CVE-2017-8890, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242