SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2366-1) (Foreshadow)

high Nessus Plugin ID 111833

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942).

- CVE-2017-13305: A information disclosure vulnerability existed in the encrypted-keys handling. (bnc#1094353).

- CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728).

- CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).

- CVE-2018-1130: A NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).

- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).

- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924).

- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c kernel could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418).

- CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).

- CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system.
(bnc#1089343).

- CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900).

- CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480).

- CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-kernel-20180809-13731=1

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-20180809-13731=1

SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-kernel-20180809-13731=1

SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-kernel-20180809-13731=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1082962

https://bugzilla.suse.com/show_bug.cgi?id=1083900

https://bugzilla.suse.com/show_bug.cgi?id=1085107

https://bugzilla.suse.com/show_bug.cgi?id=1087081

https://bugzilla.suse.com/show_bug.cgi?id=1089343

https://bugzilla.suse.com/show_bug.cgi?id=1092904

https://bugzilla.suse.com/show_bug.cgi?id=1094353

https://bugzilla.suse.com/show_bug.cgi?id=1096480

https://bugzilla.suse.com/show_bug.cgi?id=1096728

https://bugzilla.suse.com/show_bug.cgi?id=1097234

https://bugzilla.suse.com/show_bug.cgi?id=1098016

https://bugzilla.suse.com/show_bug.cgi?id=1099924

https://bugzilla.suse.com/show_bug.cgi?id=1099942

https://bugzilla.suse.com/show_bug.cgi?id=1100418

https://bugzilla.suse.com/show_bug.cgi?id=1104475

https://bugzilla.suse.com/show_bug.cgi?id=1104684

https://bugzilla.suse.com/show_bug.cgi?id=909361

https://www.suse.com/security/cve/CVE-2016-8405/

https://www.suse.com/security/cve/CVE-2017-13305/

https://www.suse.com/security/cve/CVE-2018-1000204/

https://www.suse.com/security/cve/CVE-2018-1068/

https://www.suse.com/security/cve/CVE-2018-1130/

https://www.suse.com/security/cve/CVE-2018-12233/

https://www.suse.com/security/cve/CVE-2018-13053/

https://www.suse.com/security/cve/CVE-2018-13406/

https://www.suse.com/security/cve/CVE-2018-3620/

https://www.suse.com/security/cve/CVE-2018-3646/

https://www.suse.com/security/cve/CVE-2018-5803/

https://www.suse.com/security/cve/CVE-2018-5814/

https://www.suse.com/security/cve/CVE-2018-7492/

http://www.nessus.org/u?0df0d679

Plugin Details

Severity: High

ID: 111833

File Name: suse_SU-2018-2366-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/17/2018

Updated: 8/16/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-13406

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-bigsmp-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/16/2018

Vulnerability Publication Date: 1/12/2017

Reference Information

CVE: CVE-2016-8405, CVE-2017-13305, CVE-2018-1000204, CVE-2018-1068, CVE-2018-1130, CVE-2018-12233, CVE-2018-13053, CVE-2018-13406, CVE-2018-3620, CVE-2018-3646, CVE-2018-5803, CVE-2018-5814, CVE-2018-7492