openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)

Critical Nessus Plugin ID 74658

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues.

The following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102).

- net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- xfrm: take net hdr len into account for esp payload size calculation (bnc#759545).

- ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278).

- igb: fix rtnl race in PM resume path (bnc#748859).

- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- b43: allocate receive buffers big enough for max frame len + offset (bnc#717749).

- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.

- xenbus_dev: add missing error checks to watch handling.

- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.

- hwmon: (coretemp-xen) Relax target temperature range check.

- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem caching (bnc#747038).

- bridge: correct IPv6 checksum after pull (bnc#738644).

- bridge: fix a possible use after free (bnc#738644).

- bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644).

- bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644).

- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455).

- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203).

- drm/i915/crt: Remove 0xa0 probe for VGA.

- tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366).

- drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908).

- dlm: Do not allocate a fd for peeloff (bnc#729247).

- sctp: Export sctp_do_peeloff (bnc#729247).

- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.

- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit non-nested epoll paths (bnc#676204).

- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).

- igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980).

- mark busy sd majors as allocated (bug#744658).

- regset: Return -EFAULT, not -EIO, on host-side memory fault (bnc#750079 CVE-2012-1097).

- regset: Prevent NULL pointer reference on readonly regsets (bnc#750079 CVE-2012-1097).

- mm: memcg: Correct unregistring of events attached to the same eventfd (CVE-2012-1146 bnc#750959).

- befs: Validate length of long symbolic links (CVE-2011-2928 bnc#713430).

- si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700 bnc#707332).

- staging: comedi: fix infoleak to userspace (CVE-2011-2909 bnc#711941).

- hfs: add sanity check for file name length (CVE-2011-4330 bnc#731673).

- cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569).

- drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044 bnc#740745).

- xfs: fix acl count validation in xfs_acl_from_disk() (CVE-2012-0038 bnc#740703).

- xfs: validate acl count (CVE-2012-0038 bnc#740703).

- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_readlink: Work around missing xfs_alert().

- xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (CVE-2011-4077 bnc#726600).

- xfs: Fix possible memory corruption in xfs_readlink (CVE-2011-4077 bnc#726600).

- ext4: make ext4_split_extent() handle error correctly.

- ext4: ext4_ext_convert_to_initialized bug found in extended FSX testing.

- ext4: add ext4_split_extent_at() and ext4_split_extent().

- ext4: reimplement convert and split_unwritten (CVE-2011-3638 bnc#726045).

- patches.fixes/epoll-limit-paths.patch: epoll: limit paths (bnc#676204 CVE-2011-1083).

- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in struct file (bnc#676204 CVE-2011-1083).

- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).

- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (bnc#740448 CVE-2012-0207).

- jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (bnc#745832 CVE-2011-4086).

- AppArmor: fix oops in apparmor_setprocattr (bnc#717209 CVE-2011-3619).

- Refresh patches.suse/SoN-22-netvm.patch. Clean and *working* patches.

- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671) Fix an rcu locking imbalance in the receive path triggered when using vlans.

- Fix mangled patch (invalid date). Although accepted by `patch`, this is rejected by `git apply`.

- Fix mangled diff lines (leading space tab vs tab). Although accepted by `patch`, these are rejected by `git apply`.

- jbd/jbd2: validate sb->s_first in journal_get_superblock() (bnc#730118).

- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).

- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-Prevent-skb-overreads-when-checking-call-user-da.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-Validate-incoming-call-user-data-lengths.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-possible-skb-leak-on-bad-facilities.patch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patch (bnc#681186 CVE-2011-1173). Fix reference.

- hwmon: (w83627ehf) Properly report thermal diode sensors.

- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).

- nl80211: fix check for valid SSID size in scan operations (bnc#703410 CVE-2011-2517).

- x25: Prevent skb overreads when checking call user data (CVE-2010-3873 bnc#737624).

- x25: Handle undersized/fragmented skbs (CVE-2010-3873 bnc#737624).

- x25: Validate incoming call user data lengths (CVE-2010-3873 bnc#737624).

- x25: possible skb leak on bad facilities (CVE-2010-3873 bnc#737624).

- net: Add a flow_cache_flush_deferred function (bnc#737624).

- xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624).

- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

Solution

Update the affected Kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=466279

https://bugzilla.novell.com/show_bug.cgi?id=651219

https://bugzilla.novell.com/show_bug.cgi?id=653260

https://bugzilla.novell.com/show_bug.cgi?id=655696

https://bugzilla.novell.com/show_bug.cgi?id=676204

https://bugzilla.novell.com/show_bug.cgi?id=681186

https://bugzilla.novell.com/show_bug.cgi?id=681639

https://bugzilla.novell.com/show_bug.cgi?id=683671

https://bugzilla.novell.com/show_bug.cgi?id=689860

https://bugzilla.novell.com/show_bug.cgi?id=703410

https://bugzilla.novell.com/show_bug.cgi?id=707332

https://bugzilla.novell.com/show_bug.cgi?id=711941

https://bugzilla.novell.com/show_bug.cgi?id=713430

https://bugzilla.novell.com/show_bug.cgi?id=714455

https://bugzilla.novell.com/show_bug.cgi?id=717209

https://bugzilla.novell.com/show_bug.cgi?id=717749

https://bugzilla.novell.com/show_bug.cgi?id=721366

https://bugzilla.novell.com/show_bug.cgi?id=726045

https://bugzilla.novell.com/show_bug.cgi?id=726600

https://bugzilla.novell.com/show_bug.cgi?id=729247

https://bugzilla.novell.com/show_bug.cgi?id=730118

https://bugzilla.novell.com/show_bug.cgi?id=731673

https://bugzilla.novell.com/show_bug.cgi?id=732908

https://bugzilla.novell.com/show_bug.cgi?id=737624

https://bugzilla.novell.com/show_bug.cgi?id=738644

https://bugzilla.novell.com/show_bug.cgi?id=740448

https://bugzilla.novell.com/show_bug.cgi?id=740703

https://bugzilla.novell.com/show_bug.cgi?id=740745

https://bugzilla.novell.com/show_bug.cgi?id=744658

https://bugzilla.novell.com/show_bug.cgi?id=745832

https://bugzilla.novell.com/show_bug.cgi?id=746980

https://bugzilla.novell.com/show_bug.cgi?id=747038

https://bugzilla.novell.com/show_bug.cgi?id=747660

https://bugzilla.novell.com/show_bug.cgi?id=748859

https://bugzilla.novell.com/show_bug.cgi?id=749569

https://bugzilla.novell.com/show_bug.cgi?id=750079

https://bugzilla.novell.com/show_bug.cgi?id=750959

https://bugzilla.novell.com/show_bug.cgi?id=756203

https://bugzilla.novell.com/show_bug.cgi?id=756840

https://bugzilla.novell.com/show_bug.cgi?id=757278

https://bugzilla.novell.com/show_bug.cgi?id=758243

https://bugzilla.novell.com/show_bug.cgi?id=758260

https://bugzilla.novell.com/show_bug.cgi?id=758813

https://bugzilla.novell.com/show_bug.cgi?id=759545

https://bugzilla.novell.com/show_bug.cgi?id=760902

https://bugzilla.novell.com/show_bug.cgi?id=765102

https://bugzilla.novell.com/show_bug.cgi?id=765320

https://lists.opensuse.org/opensuse-updates/2012-06/msg00031.html

Plugin Details

Severity: Critical

ID: 74658

File Name: openSUSE-2012-342.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, 
p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debugsource, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:preload, p-cpe:/a:novell:opensuse:preload-debuginfo, p-cpe:/a:novell:opensuse:preload-debugsource, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/06/19

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-4020, CVE-2010-3873, CVE-2010-4164, CVE-2010-4249, CVE-2011-1083, CVE-2011-1173, CVE-2011-2517, CVE-2011-2700, CVE-2011-2909, CVE-2011-2928, CVE-2011-3619, CVE-2011-3638, CVE-2011-4077, CVE-2011-4086, CVE-2011-4330, CVE-2012-0038, CVE-2012-0044, CVE-2012-0207, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2119, CVE-2012-2123, CVE-2012-2136, CVE-2012-2663

CWE: 119