SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2223-1)

High Nessus Plugin ID 120071

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bug fixes. The following security bugs were fixed:

- CVE-2018-5390 aka SegmentSmack: A remote attacker, even with relatively low bandwidth, could have caused lots of CPU usage by triggering the worst-case scenario during IP and/or TCP fragment reassembly. (bsc#1102340)

- CVE-2017-18344: The timer_create syscall implementation didn't properly validate input, which could have led to out-of-bounds access. This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1504=1

SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1504=1

SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1504=1

SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1504=1

SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1504=1

SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1504=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1037697

https://bugzilla.suse.com/show_bug.cgi?id=1046299

https://bugzilla.suse.com/show_bug.cgi?id=1046300

https://bugzilla.suse.com/show_bug.cgi?id=1046302

https://bugzilla.suse.com/show_bug.cgi?id=1046303

https://bugzilla.suse.com/show_bug.cgi?id=1046305

https://bugzilla.suse.com/show_bug.cgi?id=1046306

https://bugzilla.suse.com/show_bug.cgi?id=1046307

https://bugzilla.suse.com/show_bug.cgi?id=1046533

https://bugzilla.suse.com/show_bug.cgi?id=1046543

https://bugzilla.suse.com/show_bug.cgi?id=1050242

https://bugzilla.suse.com/show_bug.cgi?id=1050536

https://bugzilla.suse.com/show_bug.cgi?id=1050538

https://bugzilla.suse.com/show_bug.cgi?id=1050540

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1054245

https://bugzilla.suse.com/show_bug.cgi?id=1056651

https://bugzilla.suse.com/show_bug.cgi?id=1056787

https://bugzilla.suse.com/show_bug.cgi?id=1058169

https://bugzilla.suse.com/show_bug.cgi?id=1058659

https://bugzilla.suse.com/show_bug.cgi?id=1060463

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1075087

https://bugzilla.suse.com/show_bug.cgi?id=1075360

https://bugzilla.suse.com/show_bug.cgi?id=1077338

https://bugzilla.suse.com/show_bug.cgi?id=1077761

https://bugzilla.suse.com/show_bug.cgi?id=1077989

https://bugzilla.suse.com/show_bug.cgi?id=1085042

https://bugzilla.suse.com/show_bug.cgi?id=1085536

https://bugzilla.suse.com/show_bug.cgi?id=1085539

https://bugzilla.suse.com/show_bug.cgi?id=1086301

https://bugzilla.suse.com/show_bug.cgi?id=1086313

https://bugzilla.suse.com/show_bug.cgi?id=1086314

https://bugzilla.suse.com/show_bug.cgi?id=1086324

https://bugzilla.suse.com/show_bug.cgi?id=1086457

https://bugzilla.suse.com/show_bug.cgi?id=1087092

https://bugzilla.suse.com/show_bug.cgi?id=1087202

https://bugzilla.suse.com/show_bug.cgi?id=1087217

https://bugzilla.suse.com/show_bug.cgi?id=1087233

https://bugzilla.suse.com/show_bug.cgi?id=1090098

https://bugzilla.suse.com/show_bug.cgi?id=1090888

https://bugzilla.suse.com/show_bug.cgi?id=1091041

https://bugzilla.suse.com/show_bug.cgi?id=1091171

https://bugzilla.suse.com/show_bug.cgi?id=1093148

https://bugzilla.suse.com/show_bug.cgi?id=1093666

https://bugzilla.suse.com/show_bug.cgi?id=1094119

https://bugzilla.suse.com/show_bug.cgi?id=1096330

https://bugzilla.suse.com/show_bug.cgi?id=1097583

https://bugzilla.suse.com/show_bug.cgi?id=1097584

https://bugzilla.suse.com/show_bug.cgi?id=1097585

https://bugzilla.suse.com/show_bug.cgi?id=1097586

https://bugzilla.suse.com/show_bug.cgi?id=1097587

https://bugzilla.suse.com/show_bug.cgi?id=1097588

https://bugzilla.suse.com/show_bug.cgi?id=1098633

https://bugzilla.suse.com/show_bug.cgi?id=1099193

https://bugzilla.suse.com/show_bug.cgi?id=1100132

https://bugzilla.suse.com/show_bug.cgi?id=1100884

https://bugzilla.suse.com/show_bug.cgi?id=1101143

https://bugzilla.suse.com/show_bug.cgi?id=1101337

https://bugzilla.suse.com/show_bug.cgi?id=1101352

https://bugzilla.suse.com/show_bug.cgi?id=1101564

https://bugzilla.suse.com/show_bug.cgi?id=1101669

https://bugzilla.suse.com/show_bug.cgi?id=1101674

https://bugzilla.suse.com/show_bug.cgi?id=1101789

https://bugzilla.suse.com/show_bug.cgi?id=1101813

https://bugzilla.suse.com/show_bug.cgi?id=1101816

https://bugzilla.suse.com/show_bug.cgi?id=1102088

https://bugzilla.suse.com/show_bug.cgi?id=1102097

https://bugzilla.suse.com/show_bug.cgi?id=1102147

https://bugzilla.suse.com/show_bug.cgi?id=1102340

https://bugzilla.suse.com/show_bug.cgi?id=1102512

https://bugzilla.suse.com/show_bug.cgi?id=1102851

https://bugzilla.suse.com/show_bug.cgi?id=1103216

https://bugzilla.suse.com/show_bug.cgi?id=1103220

https://bugzilla.suse.com/show_bug.cgi?id=1103230

https://bugzilla.suse.com/show_bug.cgi?id=1103421

https://www.suse.com/security/cve/CVE-2017-18344/

https://www.suse.com/security/cve/CVE-2018-5390/

http://www.nessus.org/u?a75d33bb

Plugin Details

Severity: High

ID: 120071

File Name: suse_SU-2018-2223-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/01/02

Updated: 2019/04/04

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/08/06

Vulnerability Publication Date: 2018/07/26

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-18344, CVE-2018-5390