openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)

High Nessus Plugin ID 74661

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes.

The following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663).

- net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991).

- be2net: non-member vlan pkts not received in promiscuous mode (bnc#732006 CVE-2011-3347).

- fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119).

- macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119).

- macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119).

- macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119).

- Avoid reading past buffer when calling GETACL (bnc#762992).

- Avoid beyond bounds copy while caching ACL (bnc#762992).

- Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- usb/net: rndis: merge command codes. only net/hyperv part

- usb/net: rndis: remove ambiguous status codes. only net/hyperv part

- usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part

- net/hyperv: Add flow control based on hi/low watermark.

- hv: fix return type of hv_post_message().

- Drivers: hv: util: Properly handle version negotiations.

- Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp().

- HID: hyperv: Set the hid drvdata correctly.

- HID: hid-hyperv: Do not use hid_parse_report() directly.

- [SCSI] storvsc: Properly handle errors from the host (bnc#747404).

- Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch.

- patches.suse/suse-hv-pata_piix-ignore-disks.patch: replace our version of this patch with the upstream variant: "ata_piix: defer disks to the Hyper-V drivers by default" and "libata: add a host flag to ignore detected ATA devices".

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).

- xfrm: take net hdr len into account for esp payload size calculation (bnc#759545).

- net/hyperv: Adding cancellation to ensure rndis filter is closed.

- xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681).

- thp: reduce khugepaged freezing latency (bnc#760860).

- igb: fix rtnl race in PM resume path (bnc#748859).

- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next

- Fix kABI breakage due to including proc_fs.h in kernel/fork.c: modversion changed because of changes in struct proc_dir_entry (became defined). Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-fork-failure.

- Disabled MMC_TEST (bnc#760077).

- Input: ALPS - add semi-MT support for v3 protocol (bnc#716996).

- Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996).

- Input: ALPS - remove assumptions about packet size (bnc#716996).

- Input: ALPS - add protocol version field in alps_model_info (bnc#716996).

- Input: ALPS - move protocol information to Documentation (bnc#716996).

- sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174)

- btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279).

- libata: skip old error history when counting probe trials.

- procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783).

- cdc-wdm: fix race leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use, leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34.

- netfront: delay gARP until backend switches to Connected.

- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.

- xenbus: check availability of XS_RESET_WATCHES command.

- xenbus_dev: add missing error checks to watch handling.

- drivers/xen/: use strlcpy() instead of strncpy().

- blkfront: properly fail packet requests (bnc#745929).

- Linux 3.1.10.

- Update Xen config files.

- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- mqueue: fix a vfsmount longterm reference leak (bnc#757783).

- cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789).

- procfs: fix a vfsmount longterm reference leak (bnc#757783).

- uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging a uwb dongle.

- uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in a uwb dongle.

- acer-wmi: Detect communication hot key number.

- acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS.

- acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks.

- acer-wmi: No wifi rfkill on Sony machines.

- acer-wmi: No wifi rfkill on Lenovo machines.

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem caching (bnc#747038).

- Drivers: scsi: storvsc: Account for in-transit packets in the RESET path.

- CPU hotplug, cpusets, suspend: Don't touch cpusets during suspend/resume (bnc#752460).

- net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (bnc#754186, bnc#736268).

- This commit fixes suspend to RAM breakage reported in bnc#764864. Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined. See bnc#752460 for details regarding the problem the now removed patch fixed while breaking S2R.
Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch.

- Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined.
Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend-or-resume.patch.

- fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974).

- gntdev: fix multi-page slot allocation (bnc#760974).

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373).

- thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991).

- sym53c8xx: Fix NULL pointer dereference in slave_destroy (bnc#767786).

- sky2: fix regression on Yukon Optima (bnc#731537).

Solution

Update the affected Kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=700174

https://bugzilla.novell.com/show_bug.cgi?id=716996

https://bugzilla.novell.com/show_bug.cgi?id=731537

https://bugzilla.novell.com/show_bug.cgi?id=731720

https://bugzilla.novell.com/show_bug.cgi?id=732006

https://bugzilla.novell.com/show_bug.cgi?id=735362

https://bugzilla.novell.com/show_bug.cgi?id=736268

https://bugzilla.novell.com/show_bug.cgi?id=745929

https://bugzilla.novell.com/show_bug.cgi?id=747038

https://bugzilla.novell.com/show_bug.cgi?id=747404

https://bugzilla.novell.com/show_bug.cgi?id=748463

https://bugzilla.novell.com/show_bug.cgi?id=748859

https://bugzilla.novell.com/show_bug.cgi?id=752460

https://bugzilla.novell.com/show_bug.cgi?id=754186

https://bugzilla.novell.com/show_bug.cgi?id=756840

https://bugzilla.novell.com/show_bug.cgi?id=757783

https://bugzilla.novell.com/show_bug.cgi?id=757789

https://bugzilla.novell.com/show_bug.cgi?id=758243

https://bugzilla.novell.com/show_bug.cgi?id=758260

https://bugzilla.novell.com/show_bug.cgi?id=758813

https://bugzilla.novell.com/show_bug.cgi?id=759545

https://bugzilla.novell.com/show_bug.cgi?id=759554

https://bugzilla.novell.com/show_bug.cgi?id=760077

https://bugzilla.novell.com/show_bug.cgi?id=760279

https://bugzilla.novell.com/show_bug.cgi?id=760860

https://bugzilla.novell.com/show_bug.cgi?id=760902

https://bugzilla.novell.com/show_bug.cgi?id=760974

https://bugzilla.novell.com/show_bug.cgi?id=761681

https://bugzilla.novell.com/show_bug.cgi?id=762991

https://bugzilla.novell.com/show_bug.cgi?id=762992

https://bugzilla.novell.com/show_bug.cgi?id=764864

https://bugzilla.novell.com/show_bug.cgi?id=765102

https://bugzilla.novell.com/show_bug.cgi?id=765320

https://bugzilla.novell.com/show_bug.cgi?id=767786

https://lists.opensuse.org/opensuse-updates/2012-07/msg00002.html

Plugin Details

Severity: High

ID: 74661

File Name: openSUSE-2012-357.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, 
p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/06/27

Reference Information

CVE: CVE-2009-4020, CVE-2011-3347, CVE-2012-2119, CVE-2012-2123, CVE-2012-2136, CVE-2012-2373, CVE-2012-2663

CWE: 119