SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre)

High Nessus Plugin ID 106815

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

- CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922)

- CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355)

- CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311)

- CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)

- CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017)

- CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874)

- CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2018-301=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-301=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1047626

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1070623

https://bugzilla.suse.com/show_bug.cgi?id=1073311

https://bugzilla.suse.com/show_bug.cgi?id=1073792

https://bugzilla.suse.com/show_bug.cgi?id=1073874

https://bugzilla.suse.com/show_bug.cgi?id=1075091

https://bugzilla.suse.com/show_bug.cgi?id=1075908

https://bugzilla.suse.com/show_bug.cgi?id=1075994

https://bugzilla.suse.com/show_bug.cgi?id=1076017

https://bugzilla.suse.com/show_bug.cgi?id=1076110

https://bugzilla.suse.com/show_bug.cgi?id=1076154

https://bugzilla.suse.com/show_bug.cgi?id=1076278

https://bugzilla.suse.com/show_bug.cgi?id=1077355

https://bugzilla.suse.com/show_bug.cgi?id=1077560

https://bugzilla.suse.com/show_bug.cgi?id=1077922

https://bugzilla.suse.com/show_bug.cgi?id=893777

https://bugzilla.suse.com/show_bug.cgi?id=893949

https://bugzilla.suse.com/show_bug.cgi?id=902893

https://bugzilla.suse.com/show_bug.cgi?id=951638

https://www.suse.com/security/cve/CVE-2015-1142857/

https://www.suse.com/security/cve/CVE-2017-13215/

https://www.suse.com/security/cve/CVE-2017-17741/

https://www.suse.com/security/cve/CVE-2017-17805/

https://www.suse.com/security/cve/CVE-2017-17806/

https://www.suse.com/security/cve/CVE-2017-18079/

https://www.suse.com/security/cve/CVE-2017-5715/

https://www.suse.com/security/cve/CVE-2018-1000004/

http://www.nessus.org/u?09339c08

Plugin Details

Severity: High

ID: 106815

File Name: suse_SU-2018-0437-1.nasl

Version: 3.5

Type: local

Agent: unix

Published: 2018/02/14

Modified: 2018/12/01

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-default, p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-xen, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/02/13

Reference Information

CVE: CVE-2015-1142857, CVE-2017-13215, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-18079, CVE-2017-5715, CVE-2018-1000004

IAVA: 2018-A-0020