openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)

High Nessus Plugin ID 75184

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel was updated to 3.4.63, fixing various bugs and security issues.

- Linux 3.4.59 (CVE-2013-2237 bnc#828119).

- Linux 3.4.57 (CVE-2013-2148 bnc#823517).

- Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162 CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058).

- Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346).

- vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321).

- bnx2x: protect different statistics flows (bnc#814336).

- bnx2x: Avoid sending multiple statistics queries (bnc#814336).

- Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714).

- Update Xen patches to 3.4.53.

- netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'.

- netback: don't disconnect frontend when seeing oversize packet (bnc#823342).

- netfront: reduce gso_max_size to account for max TCP header.

- backends: Check for insane amounts of requests on the ring.

- reiserfs: Fixed double unlock in reiserfs_setattr failure path.

- reiserfs: locking, release lock around quota operations (bnc#815320).

- reiserfs: locking, handle nested locks properly (bnc#815320).

- reiserfs: locking, push write lock out of xattr code (bnc#815320).

- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163).

- af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234).

- af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237).

- ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162).

- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.

- xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471).

- brcmsmac: don't start device when RfKill is engaged (bnc#787649).

- CIFS: Protect i_nlink from being negative (bnc#785542 bnc#789598).

- cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bnc#794988).

- xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).

- xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153).

- Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575 bnc#824295).

- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164).

- fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517).

- block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851).

- ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377).

- Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).

- Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976 bnc#821560).

- Always include the git commit in KOTD builds. This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171).

- Bluetooth: Really fix registering hci with duplicate name (bnc#783858).

- Bluetooth: Fix registering hci with duplicate name (bnc#783858).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=783858

https://bugzilla.novell.com/show_bug.cgi?id=785542

https://bugzilla.novell.com/show_bug.cgi?id=787649

https://bugzilla.novell.com/show_bug.cgi?id=789598

https://bugzilla.novell.com/show_bug.cgi?id=794988

https://bugzilla.novell.com/show_bug.cgi?id=801178

https://bugzilla.novell.com/show_bug.cgi?id=806976

https://bugzilla.novell.com/show_bug.cgi?id=807153

https://bugzilla.novell.com/show_bug.cgi?id=807471

https://bugzilla.novell.com/show_bug.cgi?id=814336

https://bugzilla.novell.com/show_bug.cgi?id=815320

https://bugzilla.novell.com/show_bug.cgi?id=817377

https://bugzilla.novell.com/show_bug.cgi?id=818053

https://bugzilla.novell.com/show_bug.cgi?id=821560

https://bugzilla.novell.com/show_bug.cgi?id=821612

https://bugzilla.novell.com/show_bug.cgi?id=822575

https://bugzilla.novell.com/show_bug.cgi?id=823342

https://bugzilla.novell.com/show_bug.cgi?id=823517

https://bugzilla.novell.com/show_bug.cgi?id=824171

https://bugzilla.novell.com/show_bug.cgi?id=824295

https://bugzilla.novell.com/show_bug.cgi?id=827749

https://bugzilla.novell.com/show_bug.cgi?id=827750

https://bugzilla.novell.com/show_bug.cgi?id=828119

https://bugzilla.novell.com/show_bug.cgi?id=828714

https://bugzilla.novell.com/show_bug.cgi?id=831055

https://bugzilla.novell.com/show_bug.cgi?id=831058

https://bugzilla.novell.com/show_bug.cgi?id=833321

https://bugzilla.novell.com/show_bug.cgi?id=835414

https://bugzilla.novell.com/show_bug.cgi?id=838346

https://lists.opensuse.org/opensuse-updates/2013-10/msg00063.html

Plugin Details

Severity: High

ID: 75184

File Name: openSUSE-2013-813.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, 
p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/04

Reference Information

CVE: CVE-2013-0231, CVE-2013-1774, CVE-2013-1819, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163

BID: 57740, 58202, 58301, 60243, 60341, 60375, 60409, 60874, 60893, 60953, 61411, 61412