SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1)

high Nessus Plugin ID 123635

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).

CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).

CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829).

CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732).

CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735).

CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-828=1

SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-828=1

SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-828=1

SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-828=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2019-828=1

SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-828=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-828=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1129179

https://www.suse.com/security/cve/CVE-2018-14633/

https://www.suse.com/security/cve/CVE-2019-2024/

https://www.suse.com/security/cve/CVE-2019-6974/

https://www.suse.com/security/cve/CVE-2019-7221/

https://www.suse.com/security/cve/CVE-2019-7222/

https://www.suse.com/security/cve/CVE-2019-9213/

http://www.nessus.org/u?9b6ab111

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1075697

https://bugzilla.suse.com/show_bug.cgi?id=1082943

https://bugzilla.suse.com/show_bug.cgi?id=1098599

https://bugzilla.suse.com/show_bug.cgi?id=1102959

https://bugzilla.suse.com/show_bug.cgi?id=1105402

https://bugzilla.suse.com/show_bug.cgi?id=1107829

https://bugzilla.suse.com/show_bug.cgi?id=1108145

https://bugzilla.suse.com/show_bug.cgi?id=1109137

https://bugzilla.suse.com/show_bug.cgi?id=1109330

https://bugzilla.suse.com/show_bug.cgi?id=1110286

https://bugzilla.suse.com/show_bug.cgi?id=1117645

https://bugzilla.suse.com/show_bug.cgi?id=1119019

https://bugzilla.suse.com/show_bug.cgi?id=1120691

https://bugzilla.suse.com/show_bug.cgi?id=1121698

https://bugzilla.suse.com/show_bug.cgi?id=1121805

https://bugzilla.suse.com/show_bug.cgi?id=1122821

https://bugzilla.suse.com/show_bug.cgi?id=1124728

https://bugzilla.suse.com/show_bug.cgi?id=1124732

https://bugzilla.suse.com/show_bug.cgi?id=1124735

https://bugzilla.suse.com/show_bug.cgi?id=1125315

https://bugzilla.suse.com/show_bug.cgi?id=1127155

https://bugzilla.suse.com/show_bug.cgi?id=1127758

https://bugzilla.suse.com/show_bug.cgi?id=1127961

https://bugzilla.suse.com/show_bug.cgi?id=1128166

https://bugzilla.suse.com/show_bug.cgi?id=1129080

Plugin Details

Severity: High

ID: 123635

File Name: suse_SU-2019-0828-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/2/2019

Updated: 5/20/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2018-14633

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2019-6974

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/1/2019

Vulnerability Publication Date: 9/25/2018

Exploitable With

Metasploit (Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation)

Reference Information

CVE: CVE-2018-14633, CVE-2019-2024, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213