SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3398-1)

high Nessus Plugin ID 105460

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-1000410: The Linux kernel was affected by an information lea that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. (bnc#1070535).

- CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231).

- CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192).

- CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671).

- CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629).

- CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606).

- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573).

- CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132).

- CVE-2017-16646:
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105).

- CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996).

- CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693).

- CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694).

- CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695).

- CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107).

- CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2017-2129=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2129=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-2129=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-2129=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2017-2129=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-2129=1

SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2017-2129=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1010201

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012523

https://bugzilla.suse.com/show_bug.cgi?id=1015336

https://bugzilla.suse.com/show_bug.cgi?id=1015337

https://bugzilla.suse.com/show_bug.cgi?id=1015340

https://bugzilla.suse.com/show_bug.cgi?id=1015342

https://bugzilla.suse.com/show_bug.cgi?id=1015343

https://bugzilla.suse.com/show_bug.cgi?id=1019675

https://bugzilla.suse.com/show_bug.cgi?id=1020412

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1022595

https://bugzilla.suse.com/show_bug.cgi?id=1022607

https://bugzilla.suse.com/show_bug.cgi?id=1024346

https://bugzilla.suse.com/show_bug.cgi?id=1024373

https://bugzilla.suse.com/show_bug.cgi?id=1024376

https://bugzilla.suse.com/show_bug.cgi?id=1024412

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1032150

https://bugzilla.suse.com/show_bug.cgi?id=1036489

https://bugzilla.suse.com/show_bug.cgi?id=1036800

https://bugzilla.suse.com/show_bug.cgi?id=1037404

https://bugzilla.suse.com/show_bug.cgi?id=1037838

https://bugzilla.suse.com/show_bug.cgi?id=1038299

https://bugzilla.suse.com/show_bug.cgi?id=1039542

https://bugzilla.suse.com/show_bug.cgi?id=1040073

https://bugzilla.suse.com/show_bug.cgi?id=1041873

https://bugzilla.suse.com/show_bug.cgi?id=1042268

https://bugzilla.suse.com/show_bug.cgi?id=1058413

https://bugzilla.suse.com/show_bug.cgi?id=1059639

https://bugzilla.suse.com/show_bug.cgi?id=1060333

https://bugzilla.suse.com/show_bug.cgi?id=1061756

https://bugzilla.suse.com/show_bug.cgi?id=1062496

https://bugzilla.suse.com/show_bug.cgi?id=1062835

https://bugzilla.suse.com/show_bug.cgi?id=1062941

https://bugzilla.suse.com/show_bug.cgi?id=1063026

https://bugzilla.suse.com/show_bug.cgi?id=1064591

https://bugzilla.suse.com/show_bug.cgi?id=1064597

https://bugzilla.suse.com/show_bug.cgi?id=1064606

https://bugzilla.suse.com/show_bug.cgi?id=1064701

https://bugzilla.suse.com/show_bug.cgi?id=1064926

https://bugzilla.suse.com/show_bug.cgi?id=1065101

https://bugzilla.suse.com/show_bug.cgi?id=1065180

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065639

https://bugzilla.suse.com/show_bug.cgi?id=1065692

https://bugzilla.suse.com/show_bug.cgi?id=1065717

https://bugzilla.suse.com/show_bug.cgi?id=1065866

https://bugzilla.suse.com/show_bug.cgi?id=1065959

https://bugzilla.suse.com/show_bug.cgi?id=1066045

https://bugzilla.suse.com/show_bug.cgi?id=1066175

https://bugzilla.suse.com/show_bug.cgi?id=1066192

https://bugzilla.suse.com/show_bug.cgi?id=1066213

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1066285

https://bugzilla.suse.com/show_bug.cgi?id=1066382

https://bugzilla.suse.com/show_bug.cgi?id=1066470

https://bugzilla.suse.com/show_bug.cgi?id=1066471

https://bugzilla.suse.com/show_bug.cgi?id=1066472

https://bugzilla.suse.com/show_bug.cgi?id=1066573

https://bugzilla.suse.com/show_bug.cgi?id=1066606

https://bugzilla.suse.com/show_bug.cgi?id=1066629

https://bugzilla.suse.com/show_bug.cgi?id=1066660

https://bugzilla.suse.com/show_bug.cgi?id=1066696

https://bugzilla.suse.com/show_bug.cgi?id=1066767

https://bugzilla.suse.com/show_bug.cgi?id=1068978

https://bugzilla.suse.com/show_bug.cgi?id=1068980

https://bugzilla.suse.com/show_bug.cgi?id=1068982

https://bugzilla.suse.com/show_bug.cgi?id=1069152

https://bugzilla.suse.com/show_bug.cgi?id=1069250

https://bugzilla.suse.com/show_bug.cgi?id=1069270

https://bugzilla.suse.com/show_bug.cgi?id=1069277

https://bugzilla.suse.com/show_bug.cgi?id=1069484

https://bugzilla.suse.com/show_bug.cgi?id=1069583

https://bugzilla.suse.com/show_bug.cgi?id=1069721

https://bugzilla.suse.com/show_bug.cgi?id=1069793

https://bugzilla.suse.com/show_bug.cgi?id=1069879

https://bugzilla.suse.com/show_bug.cgi?id=1069916

https://bugzilla.suse.com/show_bug.cgi?id=1069942

https://bugzilla.suse.com/show_bug.cgi?id=1069996

https://bugzilla.suse.com/show_bug.cgi?id=1070001

https://bugzilla.suse.com/show_bug.cgi?id=1070006

https://www.suse.com/security/cve/CVE-2017-15115/

https://www.suse.com/security/cve/CVE-2017-16528/

https://www.suse.com/security/cve/CVE-2017-16536/

https://www.suse.com/security/cve/CVE-2017-16537/

https://www.suse.com/security/cve/CVE-2017-16645/

https://www.suse.com/security/cve/CVE-2017-16646/

https://www.suse.com/security/cve/CVE-2017-16994/

https://www.suse.com/security/cve/CVE-2017-17448/

https://www.suse.com/security/cve/CVE-2017-17449/

https://www.suse.com/security/cve/CVE-2017-17450/

https://www.suse.com/security/cve/CVE-2017-7482/

https://www.suse.com/security/cve/CVE-2017-8824/

http://www.nessus.org/u?02380b93

https://bugzilla.suse.com/show_bug.cgi?id=1042957

https://bugzilla.suse.com/show_bug.cgi?id=1042977

https://bugzilla.suse.com/show_bug.cgi?id=1042978

https://bugzilla.suse.com/show_bug.cgi?id=1043017

https://bugzilla.suse.com/show_bug.cgi?id=1045404

https://bugzilla.suse.com/show_bug.cgi?id=1046054

https://bugzilla.suse.com/show_bug.cgi?id=1046107

https://bugzilla.suse.com/show_bug.cgi?id=1047901

https://bugzilla.suse.com/show_bug.cgi?id=1047989

https://bugzilla.suse.com/show_bug.cgi?id=1048317

https://bugzilla.suse.com/show_bug.cgi?id=1048327

https://bugzilla.suse.com/show_bug.cgi?id=1048356

https://bugzilla.suse.com/show_bug.cgi?id=1050060

https://bugzilla.suse.com/show_bug.cgi?id=1050231

https://bugzilla.suse.com/show_bug.cgi?id=1051406

https://bugzilla.suse.com/show_bug.cgi?id=1051635

https://bugzilla.suse.com/show_bug.cgi?id=1051987

https://bugzilla.suse.com/show_bug.cgi?id=1052384

https://bugzilla.suse.com/show_bug.cgi?id=1053309

https://bugzilla.suse.com/show_bug.cgi?id=1053919

https://bugzilla.suse.com/show_bug.cgi?id=1055272

https://bugzilla.suse.com/show_bug.cgi?id=1056003

https://bugzilla.suse.com/show_bug.cgi?id=1056365

https://bugzilla.suse.com/show_bug.cgi?id=1056427

https://bugzilla.suse.com/show_bug.cgi?id=1056587

https://bugzilla.suse.com/show_bug.cgi?id=1056596

https://bugzilla.suse.com/show_bug.cgi?id=1056652

https://bugzilla.suse.com/show_bug.cgi?id=1056979

https://bugzilla.suse.com/show_bug.cgi?id=1057079

https://bugzilla.suse.com/show_bug.cgi?id=1057199

https://bugzilla.suse.com/show_bug.cgi?id=1057820

https://bugzilla.suse.com/show_bug.cgi?id=1063349

https://bugzilla.suse.com/show_bug.cgi?id=1063516

https://bugzilla.suse.com/show_bug.cgi?id=1064206

https://bugzilla.suse.com/show_bug.cgi?id=1064320

https://bugzilla.suse.com/show_bug.cgi?id=1066812

https://bugzilla.suse.com/show_bug.cgi?id=1066974

https://bugzilla.suse.com/show_bug.cgi?id=1067105

https://bugzilla.suse.com/show_bug.cgi?id=1067132

https://bugzilla.suse.com/show_bug.cgi?id=1067225

https://bugzilla.suse.com/show_bug.cgi?id=1067494

https://bugzilla.suse.com/show_bug.cgi?id=1067734

https://bugzilla.suse.com/show_bug.cgi?id=1067735

https://bugzilla.suse.com/show_bug.cgi?id=1067888

https://bugzilla.suse.com/show_bug.cgi?id=1067906

https://bugzilla.suse.com/show_bug.cgi?id=1068671

https://bugzilla.suse.com/show_bug.cgi?id=1070145

https://bugzilla.suse.com/show_bug.cgi?id=1070169

https://bugzilla.suse.com/show_bug.cgi?id=1070404

https://bugzilla.suse.com/show_bug.cgi?id=1070535

https://bugzilla.suse.com/show_bug.cgi?id=1070767

https://bugzilla.suse.com/show_bug.cgi?id=1070771

https://bugzilla.suse.com/show_bug.cgi?id=1070805

https://bugzilla.suse.com/show_bug.cgi?id=1070825

https://bugzilla.suse.com/show_bug.cgi?id=1070964

https://bugzilla.suse.com/show_bug.cgi?id=1071693

https://bugzilla.suse.com/show_bug.cgi?id=1071694

https://bugzilla.suse.com/show_bug.cgi?id=1071695

https://bugzilla.suse.com/show_bug.cgi?id=1071833

https://bugzilla.suse.com/show_bug.cgi?id=1072589

https://bugzilla.suse.com/show_bug.cgi?id=744692

https://bugzilla.suse.com/show_bug.cgi?id=789311

https://bugzilla.suse.com/show_bug.cgi?id=964944

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=969470

https://bugzilla.suse.com/show_bug.cgi?id=979928

https://bugzilla.suse.com/show_bug.cgi?id=989261

https://bugzilla.suse.com/show_bug.cgi?id=996376

https://www.suse.com/security/cve/CVE-2017-1000410/

https://www.suse.com/security/cve/CVE-2017-11600/

https://www.suse.com/security/cve/CVE-2017-12193/

Plugin Details

Severity: High

ID: 105460

File Name: suse_SU-2017-3398-1.nasl

Version: 3.6

Type: local

Agent: unix

Published: 12/26/2017

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/21/2017

Vulnerability Publication Date: 7/24/2017

Reference Information

CVE: CVE-2017-1000410, CVE-2017-11600, CVE-2017-12193, CVE-2017-15115, CVE-2017-16528, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16994, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-7482, CVE-2017-8824