SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814)

Medium Nessus Plugin ID 66912

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues.

The following security issues have been fixed :

- Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. (CVE-2013-0160)

- The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)

- The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)

- The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)

- The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)

- The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227)

- The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228)

- The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229)

- The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)

- The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)

- The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)

- net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235)

- The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)

- The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. (CVE-2013-1979)

- A kernel information leak via tkill/tgkill was fixed.
The following bugs have been fixed :

- reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry. (bnc#822722)

- libfc: do not exch_done() on invalid sequence ptr.
(bnc#810722)

- netfilter: ip6t_LOG: fix logging of packet mark.
(bnc#821930)

- hyperv: use 3.4 as LIC version string. (bnc#822431)

- virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID.
(bnc#819655)

- xen/netback: do not disconnect frontend when seeing oversize packet.

- xen/netfront: reduce gso_max_size to account for max TCP header.

- xen/netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'.

- xfs: Fix kABI due to change in xfs_buf. (bnc#815356)

- xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).

- xfs: Serialize file-extending direct IO. (bnc#818371)

- xhci: Do not switch webcams in some HP ProBooks to XHCI.
(bnc#805804)

- bluetooth: Do not switch BT on HP ProBook 4340.
(bnc#812281)

- s390/ftrace: fix mcount adjustment. (bnc#809895)

- mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections. (bnc#804609, bnc#820434)

- patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation. (bnc#805945)

- mm: compaction: Restart compaction from near where it left off

- mm: compaction: cache if a pageblock was scanned and no pages were isolated

- mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity

- mm: compaction: Scan PFN caching KABI workaround

- mm: page_allocator: Remove first_pass guard

- mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles. (bnc#816451)

- qlge: fix dma map leak when the last chunk is not allocated. (bnc#819519)

- SUNRPC: Get rid of the redundant xprt->shutdown bit field. (bnc#800907)

- SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot. (bnc#800907)

- SUNRPC: Fix a UDP transport regression. (bnc#800907)

- SUNRPC: Allow caller of rpc_sleep_on() to select priority levels. (bnc#800907)

- SUNRPC: Replace xprt->resend and xprt->sending with a priority queue. (bnc#800907)

- SUNRPC: Fix potential races in xprt_lock_write_next().
(bnc#800907)

- md: cannot re-add disks after recovery. (bnc#808647)

- fs/xattr.c:getxattr(): improve handling of allocation failures. (bnc#818053)

- fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed. (bnc#818053)

- fs/xattr.c:setxattr(): improve handling of allocation failures. (bnc#818053)

- fs/xattr.c: suppress page allocation failure warnings from sys_listxattr(). (bnc#818053)

- virtio-blk: Call revalidate_disk() upon online disk resize. (bnc#817339)

- usb-storage: CY7C68300A chips do not support Cypress ATACB. (bnc#819295)

- patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580).

- usb: Using correct way to clear usb3.0 devices remote wakeup feature. (bnc#818516)

- xhci: Fix TD size for isochronous URBs. (bnc#818514)

- ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio. (bnc#818798)

- ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs. (bnc#818798)

- xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get. (bnc#818053)

- xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle. (bnc#818053)

- xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle. (bnc#818053)

- xHCI: store rings type.

- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.

- xHCI: check enqueue pointer advance into dequeue seg.

- xHCI: store rings last segment and segment numbers.

- xHCI: Allocate 2 segments for transfer ring.

- xHCI: count free TRBs on transfer ring.

- xHCI: factor out segments allocation and free function.

- xHCI: update sg tablesize.

- xHCI: set cycle state when allocate rings.

- xhci: Reserve one command for USB3 LPM disable.

- xHCI: dynamic ring expansion.

- xhci: Do not warn on empty ring for suspended devices.

- md/raid1: Do not release reference to device while handling read error. (bnc#809122, bnc#814719)

- rpm/mkspec: Stop generating the get_release_number.sh file.

- rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix.

- rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string.

- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the '<RELEASE>' string in specfiles.

- mm/mmap: check for RLIMIT_AS before unmapping.
(bnc#818327)

- mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters. (bnc#792584)

- mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters. (bnc#792584)

- bonding: only use primary address for ARP. (bnc#815444)

- bonding: remove entries for master_ip and vlan_ip and query devices instead. (bnc#815444)

- mm: speedup in __early_pfn_to_nid. (bnc#810624)

- TTY: fix atime/mtime regression. (bnc#815745)

- sd_dif: problem with verify of type 1 protection information (PI). (bnc#817010)

- sched: harden rq rt usage accounting. (bnc#769685, bnc#788590)

- rcu: Avoid spurious RCU CPU stall warnings. (bnc#816586)

- rcu: Dump local stack if cannot dump all CPUs stacks.
(bnc#816586)

- rcu: Fix detection of abruptly-ending stall.
(bnc#816586)

- rcu: Suppress NMI backtraces when stall ends before dump. (bnc#816586)

- Update Xen patches to 3.0.74.

- btrfs: do not re-enter when allocating a chunk.

- btrfs: save us a read_lock.

- btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.

- btrfs: remove unused fs_info from btrfs_decode_error().

- btrfs: handle null fs_info in btrfs_panic().

- btrfs: fix varargs in __btrfs_std_error.

- btrfs: fix the race between bio and btrfs_stop_workers.

- btrfs: fix NULL pointer after aborting a transaction.

- btrfs: fix infinite loop when we abort on mount.

- xfs: Do not allocate new buffers on every call to
_xfs_buf_find. (bnc#763968)

- xfs: fix buffer lookup race on allocation failure.
(bnc#763968)

Solution

Apply SAT patch number 7811 / 7813 / 7814 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=763968

https://bugzilla.novell.com/show_bug.cgi?id=764209

https://bugzilla.novell.com/show_bug.cgi?id=768052

https://bugzilla.novell.com/show_bug.cgi?id=769685

https://bugzilla.novell.com/show_bug.cgi?id=788590

https://bugzilla.novell.com/show_bug.cgi?id=792584

https://bugzilla.novell.com/show_bug.cgi?id=793139

https://bugzilla.novell.com/show_bug.cgi?id=797042

https://bugzilla.novell.com/show_bug.cgi?id=797175

https://bugzilla.novell.com/show_bug.cgi?id=800907

https://bugzilla.novell.com/show_bug.cgi?id=802153

https://bugzilla.novell.com/show_bug.cgi?id=804154

https://bugzilla.novell.com/show_bug.cgi?id=804609

https://bugzilla.novell.com/show_bug.cgi?id=805804

https://bugzilla.novell.com/show_bug.cgi?id=805945

https://bugzilla.novell.com/show_bug.cgi?id=806431

https://bugzilla.novell.com/show_bug.cgi?id=806980

https://bugzilla.novell.com/show_bug.cgi?id=808647

https://bugzilla.novell.com/show_bug.cgi?id=809122

https://bugzilla.novell.com/show_bug.cgi?id=809155

https://bugzilla.novell.com/show_bug.cgi?id=809748

https://bugzilla.novell.com/show_bug.cgi?id=809895

https://bugzilla.novell.com/show_bug.cgi?id=810580

https://bugzilla.novell.com/show_bug.cgi?id=810624

https://bugzilla.novell.com/show_bug.cgi?id=810722

https://bugzilla.novell.com/show_bug.cgi?id=812281

https://bugzilla.novell.com/show_bug.cgi?id=814719

https://bugzilla.novell.com/show_bug.cgi?id=815356

https://bugzilla.novell.com/show_bug.cgi?id=815444

https://bugzilla.novell.com/show_bug.cgi?id=815745

https://bugzilla.novell.com/show_bug.cgi?id=816443

https://bugzilla.novell.com/show_bug.cgi?id=816451

https://bugzilla.novell.com/show_bug.cgi?id=816586

https://bugzilla.novell.com/show_bug.cgi?id=816668

https://bugzilla.novell.com/show_bug.cgi?id=816708

https://bugzilla.novell.com/show_bug.cgi?id=817010

https://bugzilla.novell.com/show_bug.cgi?id=817339

https://bugzilla.novell.com/show_bug.cgi?id=818053

https://bugzilla.novell.com/show_bug.cgi?id=818327

https://bugzilla.novell.com/show_bug.cgi?id=818371

https://bugzilla.novell.com/show_bug.cgi?id=818514

https://bugzilla.novell.com/show_bug.cgi?id=818516

https://bugzilla.novell.com/show_bug.cgi?id=818798

https://bugzilla.novell.com/show_bug.cgi?id=819295

https://bugzilla.novell.com/show_bug.cgi?id=819519

https://bugzilla.novell.com/show_bug.cgi?id=819655

https://bugzilla.novell.com/show_bug.cgi?id=819789

https://bugzilla.novell.com/show_bug.cgi?id=820434

https://bugzilla.novell.com/show_bug.cgi?id=821560

https://bugzilla.novell.com/show_bug.cgi?id=821930

https://bugzilla.novell.com/show_bug.cgi?id=822431

https://bugzilla.novell.com/show_bug.cgi?id=822722

http://support.novell.com/security/cve/CVE-2013-0160.html

http://support.novell.com/security/cve/CVE-2013-1979.html

http://support.novell.com/security/cve/CVE-2013-3076.html

http://support.novell.com/security/cve/CVE-2013-3222.html

http://support.novell.com/security/cve/CVE-2013-3223.html

http://support.novell.com/security/cve/CVE-2013-3224.html

http://support.novell.com/security/cve/CVE-2013-3225.html

http://support.novell.com/security/cve/CVE-2013-3227.html

http://support.novell.com/security/cve/CVE-2013-3228.html

http://support.novell.com/security/cve/CVE-2013-3229.html

http://support.novell.com/security/cve/CVE-2013-3231.html

http://support.novell.com/security/cve/CVE-2013-3232.html

http://support.novell.com/security/cve/CVE-2013-3234.html

http://support.novell.com/security/cve/CVE-2013-3235.html

Plugin Details

Severity: Medium

ID: 66912

File Name: suse_11_kernel-130604.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2013/06/18

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-trace-extra, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/06/04

Reference Information

CVE: CVE-2013-0160, CVE-2013-1979, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3232, CVE-2013-3234, CVE-2013-3235