SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3410-1)

High Nessus Plugin ID 105461

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.103 to receive various security and bugfixes. This update enables SMB encryption in the CIFS support in the Linux Kernel (fate#324404) The following security bugs were fixed :

- CVE-2017-1000410: The Linux kernel was affected by an information leak in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages.
(bnc#1070535).

- CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231).

- CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192).

- CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671).

- CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520).

- CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629).

- CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606).

- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573).

- CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132).

- CVE-2017-16646:
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105).

- CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996).

- CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693).

- CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694).

- CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695).

- CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107).

- CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch SUSE-SLE-WE-12-SP2-2017-2141=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2141=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-2141=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-2141=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2017-2141=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2017-2141=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-2141=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-2141=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1010201

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1017461

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1021424

https://bugzilla.suse.com/show_bug.cgi?id=1022595

https://bugzilla.suse.com/show_bug.cgi?id=1022600

https://bugzilla.suse.com/show_bug.cgi?id=1022914

https://bugzilla.suse.com/show_bug.cgi?id=1024412

https://bugzilla.suse.com/show_bug.cgi?id=1025461

https://bugzilla.suse.com/show_bug.cgi?id=1027301

https://bugzilla.suse.com/show_bug.cgi?id=1028971

https://bugzilla.suse.com/show_bug.cgi?id=1030061

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1034048

https://bugzilla.suse.com/show_bug.cgi?id=1037890

https://bugzilla.suse.com/show_bug.cgi?id=1046107

https://bugzilla.suse.com/show_bug.cgi?id=1050060

https://bugzilla.suse.com/show_bug.cgi?id=1050231

https://bugzilla.suse.com/show_bug.cgi?id=1053919

https://bugzilla.suse.com/show_bug.cgi?id=1055567

https://bugzilla.suse.com/show_bug.cgi?id=1056003

https://bugzilla.suse.com/show_bug.cgi?id=1056365

https://bugzilla.suse.com/show_bug.cgi?id=1056427

https://bugzilla.suse.com/show_bug.cgi?id=1056979

https://bugzilla.suse.com/show_bug.cgi?id=1057199

https://bugzilla.suse.com/show_bug.cgi?id=1058135

https://bugzilla.suse.com/show_bug.cgi?id=1059863

https://bugzilla.suse.com/show_bug.cgi?id=1060333

https://bugzilla.suse.com/show_bug.cgi?id=1060682

https://bugzilla.suse.com/show_bug.cgi?id=1060985

https://bugzilla.suse.com/show_bug.cgi?id=1061451

https://bugzilla.suse.com/show_bug.cgi?id=1061756

https://bugzilla.suse.com/show_bug.cgi?id=1062520

https://bugzilla.suse.com/show_bug.cgi?id=1062941

https://bugzilla.suse.com/show_bug.cgi?id=1062962

https://bugzilla.suse.com/show_bug.cgi?id=1063026

https://bugzilla.suse.com/show_bug.cgi?id=1063460

https://bugzilla.suse.com/show_bug.cgi?id=1063475

https://bugzilla.suse.com/show_bug.cgi?id=1063501

https://bugzilla.suse.com/show_bug.cgi?id=1063509

https://bugzilla.suse.com/show_bug.cgi?id=1063516

https://bugzilla.suse.com/show_bug.cgi?id=1063520

https://bugzilla.suse.com/show_bug.cgi?id=1063695

https://bugzilla.suse.com/show_bug.cgi?id=1064206

https://bugzilla.suse.com/show_bug.cgi?id=1064701

https://bugzilla.suse.com/show_bug.cgi?id=1064926

https://bugzilla.suse.com/show_bug.cgi?id=1065180

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065639

https://bugzilla.suse.com/show_bug.cgi?id=1065692

https://bugzilla.suse.com/show_bug.cgi?id=1065717

https://bugzilla.suse.com/show_bug.cgi?id=1065866

https://bugzilla.suse.com/show_bug.cgi?id=1066045

https://bugzilla.suse.com/show_bug.cgi?id=1066192

https://bugzilla.suse.com/show_bug.cgi?id=1066213

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1066285

https://bugzilla.suse.com/show_bug.cgi?id=1066382

https://bugzilla.suse.com/show_bug.cgi?id=1066470

https://bugzilla.suse.com/show_bug.cgi?id=1066471

https://bugzilla.suse.com/show_bug.cgi?id=1066472

https://bugzilla.suse.com/show_bug.cgi?id=1066573

https://bugzilla.suse.com/show_bug.cgi?id=1066606

https://bugzilla.suse.com/show_bug.cgi?id=1066629

https://bugzilla.suse.com/show_bug.cgi?id=1067105

https://bugzilla.suse.com/show_bug.cgi?id=1067132

https://bugzilla.suse.com/show_bug.cgi?id=1067494

https://bugzilla.suse.com/show_bug.cgi?id=1067888

https://bugzilla.suse.com/show_bug.cgi?id=1068671

https://bugzilla.suse.com/show_bug.cgi?id=1068978

https://bugzilla.suse.com/show_bug.cgi?id=1068980

https://bugzilla.suse.com/show_bug.cgi?id=1068982

https://bugzilla.suse.com/show_bug.cgi?id=1069270

https://bugzilla.suse.com/show_bug.cgi?id=1069793

https://bugzilla.suse.com/show_bug.cgi?id=1069942

https://bugzilla.suse.com/show_bug.cgi?id=1069996

https://bugzilla.suse.com/show_bug.cgi?id=1070006

https://bugzilla.suse.com/show_bug.cgi?id=1070145

https://bugzilla.suse.com/show_bug.cgi?id=1070535

https://bugzilla.suse.com/show_bug.cgi?id=1070767

https://bugzilla.suse.com/show_bug.cgi?id=1070771

https://bugzilla.suse.com/show_bug.cgi?id=1070805

https://bugzilla.suse.com/show_bug.cgi?id=1070825

https://bugzilla.suse.com/show_bug.cgi?id=1070964

https://bugzilla.suse.com/show_bug.cgi?id=1071231

https://bugzilla.suse.com/show_bug.cgi?id=1071693

https://bugzilla.suse.com/show_bug.cgi?id=1071694

https://bugzilla.suse.com/show_bug.cgi?id=1071695

https://bugzilla.suse.com/show_bug.cgi?id=1071833

https://bugzilla.suse.com/show_bug.cgi?id=963575

https://bugzilla.suse.com/show_bug.cgi?id=964944

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=966186

https://bugzilla.suse.com/show_bug.cgi?id=966191

https://bugzilla.suse.com/show_bug.cgi?id=966316

https://bugzilla.suse.com/show_bug.cgi?id=966318

https://bugzilla.suse.com/show_bug.cgi?id=969474

https://bugzilla.suse.com/show_bug.cgi?id=969475

https://bugzilla.suse.com/show_bug.cgi?id=969476

https://bugzilla.suse.com/show_bug.cgi?id=969477

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=974590

https://bugzilla.suse.com/show_bug.cgi?id=979928

https://bugzilla.suse.com/show_bug.cgi?id=989261

https://bugzilla.suse.com/show_bug.cgi?id=996376

https://www.suse.com/security/cve/CVE-2017-1000410/

https://www.suse.com/security/cve/CVE-2017-11600/

https://www.suse.com/security/cve/CVE-2017-12193/

https://www.suse.com/security/cve/CVE-2017-15115/

https://www.suse.com/security/cve/CVE-2017-15265/

https://www.suse.com/security/cve/CVE-2017-16528/

https://www.suse.com/security/cve/CVE-2017-16536/

https://www.suse.com/security/cve/CVE-2017-16537/

https://www.suse.com/security/cve/CVE-2017-16645/

https://www.suse.com/security/cve/CVE-2017-16646/

https://www.suse.com/security/cve/CVE-2017-16994/

https://www.suse.com/security/cve/CVE-2017-17448/

https://www.suse.com/security/cve/CVE-2017-17449/

https://www.suse.com/security/cve/CVE-2017-17450/

https://www.suse.com/security/cve/CVE-2017-7482/

https://www.suse.com/security/cve/CVE-2017-8824/

http://www.nessus.org/u?3a4b7625

Plugin Details

Severity: High

ID: 105461

File Name: suse_SU-2017-3410-1.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2017/12/26

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/12/21

Reference Information

CVE: CVE-2017-1000410, CVE-2017-11600, CVE-2017-12193, CVE-2017-15115, CVE-2017-15265, CVE-2017-16528, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16994, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-7482, CVE-2017-8824