SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0786-1)

critical Nessus Plugin ID 108649

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver. (bnc#1072865).

- CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the 'negative' state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1062840 bnc#1065615).

- CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118).

- CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).

- CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672).

- CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426).

- CVE-2017-18174: The amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533).

- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).

- CVE-2018-1000026: A insufficient input validation vulnerability in bnx2x network card driver could result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384).

- CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053).

- CVE-2018-1068: Insufficient user provided offset checking in the ebtables compat code allowed local attackers to overwrite kernel memory and potentially execute code. (bsc#1085107)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2018-534=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-534=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-534=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-534=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2018-534=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-534=1

SUSE CaaS Platform ALL :

To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1006867

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1015342

https://bugzilla.suse.com/show_bug.cgi?id=1015343

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1022607

https://bugzilla.suse.com/show_bug.cgi?id=1024376

https://bugzilla.suse.com/show_bug.cgi?id=1027054

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1033587

https://bugzilla.suse.com/show_bug.cgi?id=1034503

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1043441

https://bugzilla.suse.com/show_bug.cgi?id=1043725

https://bugzilla.suse.com/show_bug.cgi?id=1043726

https://bugzilla.suse.com/show_bug.cgi?id=1062840

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065615

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1067118

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068569

https://bugzilla.suse.com/show_bug.cgi?id=1069135

https://bugzilla.suse.com/show_bug.cgi?id=1070404

https://bugzilla.suse.com/show_bug.cgi?id=1071306

https://bugzilla.suse.com/show_bug.cgi?id=1071892

https://bugzilla.suse.com/show_bug.cgi?id=1072363

https://bugzilla.suse.com/show_bug.cgi?id=1072689

https://bugzilla.suse.com/show_bug.cgi?id=1072739

https://bugzilla.suse.com/show_bug.cgi?id=1072865

https://bugzilla.suse.com/show_bug.cgi?id=1073401

https://bugzilla.suse.com/show_bug.cgi?id=1073407

https://bugzilla.suse.com/show_bug.cgi?id=1074198

https://bugzilla.suse.com/show_bug.cgi?id=1074426

https://bugzilla.suse.com/show_bug.cgi?id=1075087

https://bugzilla.suse.com/show_bug.cgi?id=1076282

https://bugzilla.suse.com/show_bug.cgi?id=1076693

https://bugzilla.suse.com/show_bug.cgi?id=1076760

https://bugzilla.suse.com/show_bug.cgi?id=1076982

https://bugzilla.suse.com/show_bug.cgi?id=1077241

https://bugzilla.suse.com/show_bug.cgi?id=1077285

https://bugzilla.suse.com/show_bug.cgi?id=1077513

https://bugzilla.suse.com/show_bug.cgi?id=1077560

https://bugzilla.suse.com/show_bug.cgi?id=1077779

https://bugzilla.suse.com/show_bug.cgi?id=1078583

https://bugzilla.suse.com/show_bug.cgi?id=1078672

https://bugzilla.suse.com/show_bug.cgi?id=1078673

https://bugzilla.suse.com/show_bug.cgi?id=1078787

https://bugzilla.suse.com/show_bug.cgi?id=1079029

https://bugzilla.suse.com/show_bug.cgi?id=1079038

https://bugzilla.suse.com/show_bug.cgi?id=1079195

https://bugzilla.suse.com/show_bug.cgi?id=1079313

https://bugzilla.suse.com/show_bug.cgi?id=1079384

https://bugzilla.suse.com/show_bug.cgi?id=1079609

https://bugzilla.suse.com/show_bug.cgi?id=1079886

https://bugzilla.suse.com/show_bug.cgi?id=1079989

https://bugzilla.suse.com/show_bug.cgi?id=1080014

https://bugzilla.suse.com/show_bug.cgi?id=1080263

https://bugzilla.suse.com/show_bug.cgi?id=1080321

https://bugzilla.suse.com/show_bug.cgi?id=1080344

https://bugzilla.suse.com/show_bug.cgi?id=1080364

https://bugzilla.suse.com/show_bug.cgi?id=1080384

https://bugzilla.suse.com/show_bug.cgi?id=1080464

https://bugzilla.suse.com/show_bug.cgi?id=1080533

https://bugzilla.suse.com/show_bug.cgi?id=1080656

https://bugzilla.suse.com/show_bug.cgi?id=1080774

https://bugzilla.suse.com/show_bug.cgi?id=1080813

https://bugzilla.suse.com/show_bug.cgi?id=1080851

https://bugzilla.suse.com/show_bug.cgi?id=1081134

https://bugzilla.suse.com/show_bug.cgi?id=1081431

https://bugzilla.suse.com/show_bug.cgi?id=1081436

https://bugzilla.suse.com/show_bug.cgi?id=1081437

https://bugzilla.suse.com/show_bug.cgi?id=1081491

https://bugzilla.suse.com/show_bug.cgi?id=1081498

https://bugzilla.suse.com/show_bug.cgi?id=1081500

https://bugzilla.suse.com/show_bug.cgi?id=1081512

https://bugzilla.suse.com/show_bug.cgi?id=1081514

https://bugzilla.suse.com/show_bug.cgi?id=1081681

https://bugzilla.suse.com/show_bug.cgi?id=1081735

https://bugzilla.suse.com/show_bug.cgi?id=1082089

https://bugzilla.suse.com/show_bug.cgi?id=1082223

https://bugzilla.suse.com/show_bug.cgi?id=1082299

https://bugzilla.suse.com/show_bug.cgi?id=1082373

https://bugzilla.suse.com/show_bug.cgi?id=1082478

https://bugzilla.suse.com/show_bug.cgi?id=1082632

https://bugzilla.suse.com/show_bug.cgi?id=1082795

https://bugzilla.suse.com/show_bug.cgi?id=1082864

https://bugzilla.suse.com/show_bug.cgi?id=1082897

https://bugzilla.suse.com/show_bug.cgi?id=1082979

https://bugzilla.suse.com/show_bug.cgi?id=1082993

https://bugzilla.suse.com/show_bug.cgi?id=1083048

https://bugzilla.suse.com/show_bug.cgi?id=1083086

https://bugzilla.suse.com/show_bug.cgi?id=1083223

https://bugzilla.suse.com/show_bug.cgi?id=1083387

https://bugzilla.suse.com/show_bug.cgi?id=1083409

https://bugzilla.suse.com/show_bug.cgi?id=1083494

https://bugzilla.suse.com/show_bug.cgi?id=1083548

https://bugzilla.suse.com/show_bug.cgi?id=1083750

https://bugzilla.suse.com/show_bug.cgi?id=1083770

https://bugzilla.suse.com/show_bug.cgi?id=1084041

https://bugzilla.suse.com/show_bug.cgi?id=1084397

https://bugzilla.suse.com/show_bug.cgi?id=1084427

https://bugzilla.suse.com/show_bug.cgi?id=1084610

https://bugzilla.suse.com/show_bug.cgi?id=1084772

https://bugzilla.suse.com/show_bug.cgi?id=1084888

https://bugzilla.suse.com/show_bug.cgi?id=1084926

https://bugzilla.suse.com/show_bug.cgi?id=1084928

https://bugzilla.suse.com/show_bug.cgi?id=1084967

https://bugzilla.suse.com/show_bug.cgi?id=1085011

https://bugzilla.suse.com/show_bug.cgi?id=1085015

https://bugzilla.suse.com/show_bug.cgi?id=1085045

https://bugzilla.suse.com/show_bug.cgi?id=1085047

https://bugzilla.suse.com/show_bug.cgi?id=1085050

https://bugzilla.suse.com/show_bug.cgi?id=1085053

https://bugzilla.suse.com/show_bug.cgi?id=1085054

https://bugzilla.suse.com/show_bug.cgi?id=1085056

https://bugzilla.suse.com/show_bug.cgi?id=1085107

https://bugzilla.suse.com/show_bug.cgi?id=1085224

https://bugzilla.suse.com/show_bug.cgi?id=1085239

https://bugzilla.suse.com/show_bug.cgi?id=863764

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=966328

https://bugzilla.suse.com/show_bug.cgi?id=969476

https://bugzilla.suse.com/show_bug.cgi?id=969477

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://bugzilla.suse.com/show_bug.cgi?id=983145

https://www.suse.com/security/cve/CVE-2017-13166/

https://www.suse.com/security/cve/CVE-2017-15951/

https://www.suse.com/security/cve/CVE-2017-16644/

https://www.suse.com/security/cve/CVE-2017-16912/

https://www.suse.com/security/cve/CVE-2017-16913/

https://www.suse.com/security/cve/CVE-2017-17975/

https://www.suse.com/security/cve/CVE-2017-18174/

https://www.suse.com/security/cve/CVE-2017-18208/

https://www.suse.com/security/cve/CVE-2018-1000026/

https://www.suse.com/security/cve/CVE-2018-1068/

https://www.suse.com/security/cve/CVE-2018-8087/

http://www.nessus.org/u?4c0c8a30

Plugin Details

Severity: Critical

ID: 108649

File Name: suse_SU-2018-0786-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/27/2018

Updated: 9/10/2019

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/23/2018

Vulnerability Publication Date: 10/28/2017

Reference Information

CVE: CVE-2017-13166, CVE-2017-15951, CVE-2017-16644, CVE-2017-16912, CVE-2017-16913, CVE-2017-17975, CVE-2017-18174, CVE-2017-18208, CVE-2018-1000026, CVE-2018-1068, CVE-2018-8087