openSUSE Security Update : kernel (openSUSE-2012-65)

High Nessus Plugin ID 74767

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 12.1 kernel was updated to 3.1.9 to fix bugs and security
issues. The full list of changes in 3.1.9 is available here :

http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2

Following security issues have been fixed :

CVE-2011-2203: Missing NULL pointer check in hfs filesystem code

CVE-2011-4604: Fix possible kernel memory corruption if B.A.T.M.A.N.
mesh protocol is being used.

CVE-2012-0056: Local root vulnerability via writing to /proc/pid/mem

CVE-2012-0207: Remote DoS vulnerability via crafted IGMP packages.

Following non-security bug fixes have been added :

 - BTRFS support has been improved with many bug fixes.

Solution

Update the affected kernel packages.

See Also

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8

https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9

https://bugzilla.novell.com/show_bug.cgi?id=672923

https://bugzilla.novell.com/show_bug.cgi?id=679059

https://bugzilla.novell.com/show_bug.cgi?id=689860

https://bugzilla.novell.com/show_bug.cgi?id=691052

https://bugzilla.novell.com/show_bug.cgi?id=698540

https://bugzilla.novell.com/show_bug.cgi?id=699709

https://bugzilla.novell.com/show_bug.cgi?id=724616

https://bugzilla.novell.com/show_bug.cgi?id=724620

https://bugzilla.novell.com/show_bug.cgi?id=724734

https://bugzilla.novell.com/show_bug.cgi?id=726296

https://bugzilla.novell.com/show_bug.cgi?id=727348

https://bugzilla.novell.com/show_bug.cgi?id=730103

https://bugzilla.novell.com/show_bug.cgi?id=730731

https://bugzilla.novell.com/show_bug.cgi?id=731261

https://bugzilla.novell.com/show_bug.cgi?id=736149

https://bugzilla.novell.com/show_bug.cgi?id=737624

https://bugzilla.novell.com/show_bug.cgi?id=740118

https://bugzilla.novell.com/show_bug.cgi?id=742279

https://bugzilla.novell.com/show_bug.cgi?id=742322

https://bugzilla.novell.com/show_bug.cgi?id=743608

Plugin Details

Severity: High

ID: 74767

File Name: openSUSE-2012-65.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2018/12/18

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/27

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2011-2203, CVE-2011-4604, CVE-2012-0056, CVE-2012-0207