SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre)

High Nessus Plugin ID 106967

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

- CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).

- CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355).

- CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).

- CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).

- CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017).

- CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).

- CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 6:zypper in -t patch SUSE-OpenStack-Cloud-6-2018-348=1

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-348=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-348=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-348=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/1012382

https://bugzilla.suse.com/1047118

https://bugzilla.suse.com/1047626

https://bugzilla.suse.com/1068032

https://bugzilla.suse.com/1070623

https://bugzilla.suse.com/1073246

https://bugzilla.suse.com/1073311

https://bugzilla.suse.com/1073792

https://bugzilla.suse.com/1073874

https://bugzilla.suse.com/1074709

https://bugzilla.suse.com/1075091

https://bugzilla.suse.com/1075411

https://bugzilla.suse.com/1075908

https://bugzilla.suse.com/1075994

https://bugzilla.suse.com/1076017

https://bugzilla.suse.com/1076110

https://bugzilla.suse.com/1076154

https://bugzilla.suse.com/1076278

https://bugzilla.suse.com/1077182

https://bugzilla.suse.com/1077355

https://bugzilla.suse.com/1077560

https://bugzilla.suse.com/1077922

https://bugzilla.suse.com/1081317

https://bugzilla.suse.com/893777

https://bugzilla.suse.com/893949

https://bugzilla.suse.com/902893

https://bugzilla.suse.com/951638

https://www.suse.com/security/cve/CVE-2015-1142857.html

https://www.suse.com/security/cve/CVE-2017-13215.html

https://www.suse.com/security/cve/CVE-2017-17741.html

https://www.suse.com/security/cve/CVE-2017-17805.html

https://www.suse.com/security/cve/CVE-2017-17806.html

https://www.suse.com/security/cve/CVE-2017-18079.html

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2018-1000004.html

http://www.nessus.org/u?2fb082d3

Plugin Details

Severity: High

ID: 106967

File Name: suse_SU-2018-0525-1.nasl

Version: $Revision: 3.2 $

Type: local

Agent: unix

Published: 2018/02/23

Modified: 2018/02/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 8.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-default, p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-xen, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/02/22

Reference Information

CVE: CVE-2015-1142857, CVE-2017-13215, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-18079, CVE-2017-5715, CVE-2018-1000004

IAVA: 2018-A-0020