SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)

High Nessus Plugin ID 118952

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks.
If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769).

CVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).

CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).

CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240).

CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).

CVE-2017-1000407: An denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021).

CVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498).

CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host.
Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-kernel-source-13863=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-kernel-source-13863=1

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-source-13863=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-kernel-source-13863=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1031240

https://bugzilla.suse.com/show_bug.cgi?id=1047027

https://bugzilla.suse.com/show_bug.cgi?id=1049128

https://bugzilla.suse.com/show_bug.cgi?id=1050431

https://bugzilla.suse.com/show_bug.cgi?id=1064861

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1066674

https://bugzilla.suse.com/show_bug.cgi?id=1071021

https://bugzilla.suse.com/show_bug.cgi?id=1081680

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1094825

https://bugzilla.suse.com/show_bug.cgi?id=1103145

https://bugzilla.suse.com/show_bug.cgi?id=1105799

https://bugzilla.suse.com/show_bug.cgi?id=1106139

https://bugzilla.suse.com/show_bug.cgi?id=1106240

https://bugzilla.suse.com/show_bug.cgi?id=1107371

https://bugzilla.suse.com/show_bug.cgi?id=1107829

https://bugzilla.suse.com/show_bug.cgi?id=1107849

https://bugzilla.suse.com/show_bug.cgi?id=1108314

https://bugzilla.suse.com/show_bug.cgi?id=1108498

https://bugzilla.suse.com/show_bug.cgi?id=1109806

https://bugzilla.suse.com/show_bug.cgi?id=1109818

https://bugzilla.suse.com/show_bug.cgi?id=1110006

https://bugzilla.suse.com/show_bug.cgi?id=1110247

https://bugzilla.suse.com/show_bug.cgi?id=1113337

https://bugzilla.suse.com/show_bug.cgi?id=1113751

https://bugzilla.suse.com/show_bug.cgi?id=1113769

https://bugzilla.suse.com/show_bug.cgi?id=1114460

https://bugzilla.suse.com/show_bug.cgi?id=923775

https://www.suse.com/security/cve/CVE-2017-1000407/

https://www.suse.com/security/cve/CVE-2017-16533/

https://www.suse.com/security/cve/CVE-2017-7273/

https://www.suse.com/security/cve/CVE-2018-14633/

https://www.suse.com/security/cve/CVE-2018-18281/

https://www.suse.com/security/cve/CVE-2018-18386/

https://www.suse.com/security/cve/CVE-2018-18710/

https://www.suse.com/security/cve/CVE-2018-9516/

http://www.nessus.org/u?9fe20c1d

Plugin Details

Severity: High

ID: 118952

File Name: suse_SU-2018-3746-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2018/11/14

Updated: 2019/04/05

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/11/13

Reference Information

CVE: CVE-2017-1000407, CVE-2017-16533, CVE-2017-7273, CVE-2018-10940, CVE-2018-14633, CVE-2018-16658, CVE-2018-18281, CVE-2018-18386, CVE-2018-18710, CVE-2018-9516