openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)

High Nessus Plugin ID 75184


VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel was updated to 3.4.63, fixing various bugs and security issues.

- Linux 3.4.59 (CVE-2013-2237 bnc#828119).

- Linux 3.4.57 (CVE-2013-2148 bnc#823517).

- Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162 CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058).

- Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).

- vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).

- bnx2x: protect different statistics flows (bnc#814336).

- bnx2x: Avoid sending multiple statistics queries (bnc#814336).

- Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).

- Update Xen patches to 3.4.53.

- netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'.

- netback: don't disconnect frontend when seeing oversize packet (bnc#823342).

- netfront: reduce gso_max_size to account for max TCP header.

- backends: Check for insane amounts of requests on the ring.

- reiserfs: Fixed double unlock in reiserfs_setattr failure path.

- reiserfs: locking, release lock around quota operations (bnc#815320).

- reiserfs: locking, handle nested locks properly (bnc#815320).

- reiserfs: locking, push write lock out of xattr code (bnc#815320).

- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163).

- af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234).

- af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237).

- ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162).

- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.

- xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471).

- brcmsmac: don't start device when RfKill is engaged (bnc#787649).

- CIFS: Protect i_nlink from being negative (bnc#785542 bnc#789598).

- cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bnc#794988).

- xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).

- xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153).

- Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575 bnc#824295).

- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164).

- fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517).

- block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851).

- ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377).

- Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).

- Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976 bnc#821560).

- Always include the git commit in KOTD builds. This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171).

- Bluetooth: Really fix registering hci with duplicate name (bnc#783858).

- Bluetooth: Fix registering hci with duplicate name (bnc#783858).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=783858

https://bugzilla.novell.com/show_bug.cgi?id=785542

https://bugzilla.novell.com/show_bug.cgi?id=787649

https://bugzilla.novell.com/show_bug.cgi?id=789598

https://bugzilla.novell.com/show_bug.cgi?id=794988

https://bugzilla.novell.com/show_bug.cgi?id=801178

https://bugzilla.novell.com/show_bug.cgi?id=806976

https://bugzilla.novell.com/show_bug.cgi?id=807153

https://bugzilla.novell.com/show_bug.cgi?id=807471

https://bugzilla.novell.com/show_bug.cgi?id=814336

https://bugzilla.novell.com/show_bug.cgi?id=815320

https://bugzilla.novell.com/show_bug.cgi?id=817377

https://bugzilla.novell.com/show_bug.cgi?id=818053

https://bugzilla.novell.com/show_bug.cgi?id=821560

https://bugzilla.novell.com/show_bug.cgi?id=821612

https://bugzilla.novell.com/show_bug.cgi?id=822575

https://bugzilla.novell.com/show_bug.cgi?id=823342

https://bugzilla.novell.com/show_bug.cgi?id=823517

https://bugzilla.novell.com/show_bug.cgi?id=824171

https://bugzilla.novell.com/show_bug.cgi?id=824295

https://bugzilla.novell.com/show_bug.cgi?id=827749

https://bugzilla.novell.com/show_bug.cgi?id=827750

https://bugzilla.novell.com/show_bug.cgi?id=828119

https://bugzilla.novell.com/show_bug.cgi?id=828714

https://bugzilla.novell.com/show_bug.cgi?id=831055

https://bugzilla.novell.com/show_bug.cgi?id=831058

https://bugzilla.novell.com/show_bug.cgi?id=833321

https://bugzilla.novell.com/show_bug.cgi?id=835414

https://bugzilla.novell.com/show_bug.cgi?id=838346

https://lists.opensuse.org/opensuse-updates/2013-10/msg00063.html

Plugin Details

Severity: High

ID: 75184

File Name: openSUSE-2013-813.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/04

Reference Information

CVE: CVE-2013-0231, CVE-2013-1774, CVE-2013-1819, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163

BID: 57740, 58202, 58301, 60243, 60341, 60375, 60409, 60874, 60893, 60953, 61411, 61412