SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0785-1)

High Nessus Plugin ID 108648

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver was fixed. (bnc#1072865).

- CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the 'negative' state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1062840 bnc#1065615).

- CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118).

- CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).

- CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672).

- CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426).

- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).

- CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053).

- CVE-2018-1000026: A insufficient input validation vulnerability in the bnx2x network card driver could result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).

- CVE-2018-1068: Insufficient user provided offset checking in the ebtables compat code allowed local attackers to overwrite kernel memory and potentially execute code. (bsc#1085107)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch SUSE-SLE-WE-12-SP2-2018-535=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-535=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-535=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-535=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2018-535=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2018-535=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-535=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-535=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1005776

https://bugzilla.suse.com/show_bug.cgi?id=1006867

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1027054

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1034503

https://bugzilla.suse.com/show_bug.cgi?id=1035432

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1043441

https://bugzilla.suse.com/show_bug.cgi?id=1045330

https://bugzilla.suse.com/show_bug.cgi?id=1062840

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065615

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1067118

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068569

https://bugzilla.suse.com/show_bug.cgi?id=1069135

https://bugzilla.suse.com/show_bug.cgi?id=1071306

https://bugzilla.suse.com/show_bug.cgi?id=1071892

https://bugzilla.suse.com/show_bug.cgi?id=1072363

https://bugzilla.suse.com/show_bug.cgi?id=1072689

https://bugzilla.suse.com/show_bug.cgi?id=1072739

https://bugzilla.suse.com/show_bug.cgi?id=1072865

https://bugzilla.suse.com/show_bug.cgi?id=1073401

https://bugzilla.suse.com/show_bug.cgi?id=1074198

https://bugzilla.suse.com/show_bug.cgi?id=1074426

https://bugzilla.suse.com/show_bug.cgi?id=1075087

https://bugzilla.suse.com/show_bug.cgi?id=1076282

https://bugzilla.suse.com/show_bug.cgi?id=1077285

https://bugzilla.suse.com/show_bug.cgi?id=1077513

https://bugzilla.suse.com/show_bug.cgi?id=1077560

https://bugzilla.suse.com/show_bug.cgi?id=1077779

https://bugzilla.suse.com/show_bug.cgi?id=1078583

https://bugzilla.suse.com/show_bug.cgi?id=1078609

https://bugzilla.suse.com/show_bug.cgi?id=1078672

https://bugzilla.suse.com/show_bug.cgi?id=1078673

https://bugzilla.suse.com/show_bug.cgi?id=1078787

https://bugzilla.suse.com/show_bug.cgi?id=1079029

https://bugzilla.suse.com/show_bug.cgi?id=1079038

https://bugzilla.suse.com/show_bug.cgi?id=1079384

https://bugzilla.suse.com/show_bug.cgi?id=1079989

https://bugzilla.suse.com/show_bug.cgi?id=1080014

https://bugzilla.suse.com/show_bug.cgi?id=1080263

https://bugzilla.suse.com/show_bug.cgi?id=1080344

https://bugzilla.suse.com/show_bug.cgi?id=1080360

https://bugzilla.suse.com/show_bug.cgi?id=1080364

https://bugzilla.suse.com/show_bug.cgi?id=1080384

https://bugzilla.suse.com/show_bug.cgi?id=1080464

https://bugzilla.suse.com/show_bug.cgi?id=1080774

https://bugzilla.suse.com/show_bug.cgi?id=1080809

https://bugzilla.suse.com/show_bug.cgi?id=1080813

https://bugzilla.suse.com/show_bug.cgi?id=1080851

https://bugzilla.suse.com/show_bug.cgi?id=1081134

https://bugzilla.suse.com/show_bug.cgi?id=1081431

https://bugzilla.suse.com/show_bug.cgi?id=1081491

https://bugzilla.suse.com/show_bug.cgi?id=1081498

https://bugzilla.suse.com/show_bug.cgi?id=1081500

https://bugzilla.suse.com/show_bug.cgi?id=1081512

https://bugzilla.suse.com/show_bug.cgi?id=1081671

https://bugzilla.suse.com/show_bug.cgi?id=1082223

https://bugzilla.suse.com/show_bug.cgi?id=1082299

https://bugzilla.suse.com/show_bug.cgi?id=1082478

https://bugzilla.suse.com/show_bug.cgi?id=1082795

https://bugzilla.suse.com/show_bug.cgi?id=1082864

https://bugzilla.suse.com/show_bug.cgi?id=1082897

https://bugzilla.suse.com/show_bug.cgi?id=1082979

https://bugzilla.suse.com/show_bug.cgi?id=1082993

https://bugzilla.suse.com/show_bug.cgi?id=1083494

https://bugzilla.suse.com/show_bug.cgi?id=1083548

https://bugzilla.suse.com/show_bug.cgi?id=1084610

https://bugzilla.suse.com/show_bug.cgi?id=1085053

https://bugzilla.suse.com/show_bug.cgi?id=1085107

https://bugzilla.suse.com/show_bug.cgi?id=1085224

https://bugzilla.suse.com/show_bug.cgi?id=1085239

https://bugzilla.suse.com/show_bug.cgi?id=863764

https://bugzilla.suse.com/show_bug.cgi?id=966328

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://bugzilla.suse.com/show_bug.cgi?id=983145

https://www.suse.com/security/cve/CVE-2017-13166/

https://www.suse.com/security/cve/CVE-2017-15951/

https://www.suse.com/security/cve/CVE-2017-16644/

https://www.suse.com/security/cve/CVE-2017-16912/

https://www.suse.com/security/cve/CVE-2017-16913/

https://www.suse.com/security/cve/CVE-2017-17975/

https://www.suse.com/security/cve/CVE-2017-18208/

https://www.suse.com/security/cve/CVE-2018-1000026/

https://www.suse.com/security/cve/CVE-2018-1068/

https://www.suse.com/security/cve/CVE-2018-8087/

http://www.nessus.org/u?ad41d0d5

Plugin Details

Severity: High

ID: 108648

File Name: suse_SU-2018-0785-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2018/03/27

Updated: 2019/09/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/03/23

Vulnerability Publication Date: 2017/10/28

Reference Information

CVE: CVE-2017-13166, CVE-2017-15951, CVE-2017-16644, CVE-2017-16912, CVE-2017-16913, CVE-2017-17975, CVE-2017-18208, CVE-2018-1000026, CVE-2018-1068, CVE-2018-8087