openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)

High Nessus Plugin ID 75251

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel was updated to fix various bugs and security issues :

- mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls).

- mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls).

- compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).

- hwmon: (coretemp) Fix truncated name of alarm attributes

- net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431).

- keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792).

- KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).

- wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027).

- KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376).

- KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367).

- KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587).

- staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513).

- perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006).

- perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006).

- libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378).

- aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380).

- staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514).

- net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348).

- Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515).

- Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms g_namelen-logic.patch.

- ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343).

- net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722).

- crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226).

- x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836).

- Refresh other Xen patches.

- aacraid: missing capable() check in compat ioctl (bnc#852558).

- patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret urn.patch: Update upstream reference

- perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362).

- xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings (bnc#848255).

- xhci: Fix oops happening after address device timeout (bnc#848255).

- xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255).

- patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Update upstream reference.

- Allow NFSv4 username mapping to work properly (bnc#838024).

- Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management.

- Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511).

- drm/radeon: don't set hpd, afmt interrupts when interrupts are disabled.

- patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount
-fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950).

- iommu: Remove stack trace from broken irq remapping warning (bnc#844513).

- Disable patches related to bnc#840656 patches.suse/btrfs-cleanup-don-t-check-the-same-thing-tw ice patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-chec k-the-same-thi.patch

- btrfs: use feature attribute names to print better error messages.

- btrfs: add ability to change features via sysfs.

- btrfs: add publishing of unknown features in sysfs.

- btrfs: publish per-super features to sysfs.

- btrfs: add per-super attributes to sysfs.

- btrfs: export supported featured to sysfs.

- kobject: introduce kobj_completion.

- btrfs: add ioctls to query/change feature bits online.

- btrfs: use btrfs_commit_transaction when setting fslabel.

- x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).

- NFSv4: Fix issues in nfs4_discover_server_trunking (bnc#811746).

- iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=804950

https://bugzilla.novell.com/show_bug.cgi?id=805226

https://bugzilla.novell.com/show_bug.cgi?id=808358

https://bugzilla.novell.com/show_bug.cgi?id=811746

https://bugzilla.novell.com/show_bug.cgi?id=825006

https://bugzilla.novell.com/show_bug.cgi?id=831836

https://bugzilla.novell.com/show_bug.cgi?id=838024

https://bugzilla.novell.com/show_bug.cgi?id=840226

https://bugzilla.novell.com/show_bug.cgi?id=840656

https://bugzilla.novell.com/show_bug.cgi?id=844513

https://bugzilla.novell.com/show_bug.cgi?id=848079

https://bugzilla.novell.com/show_bug.cgi?id=848255

https://bugzilla.novell.com/show_bug.cgi?id=849021

https://bugzilla.novell.com/show_bug.cgi?id=849023

https://bugzilla.novell.com/show_bug.cgi?id=849029

https://bugzilla.novell.com/show_bug.cgi?id=849034

https://bugzilla.novell.com/show_bug.cgi?id=849362

https://bugzilla.novell.com/show_bug.cgi?id=852373

https://bugzilla.novell.com/show_bug.cgi?id=852558

https://bugzilla.novell.com/show_bug.cgi?id=852559

https://bugzilla.novell.com/show_bug.cgi?id=853050

https://bugzilla.novell.com/show_bug.cgi?id=853051

https://bugzilla.novell.com/show_bug.cgi?id=853052

https://bugzilla.novell.com/show_bug.cgi?id=853053

https://bugzilla.novell.com/show_bug.cgi?id=854173

https://bugzilla.novell.com/show_bug.cgi?id=854634

https://bugzilla.novell.com/show_bug.cgi?id=854722

https://bugzilla.novell.com/show_bug.cgi?id=860993

https://lists.opensuse.org/opensuse-updates/2014-02/msg00021.html

Plugin Details

Severity: High

ID: 75251

File Name: openSUSE-2014-113.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/02/04

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel recvmmsg Privilege Escalation)

Reference Information

CVE: CVE-2013-0343, CVE-2013-1792, CVE-2013-4348, CVE-2013-4511, CVE-2013-4513, CVE-2013-4514, CVE-2013-4515, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6378, CVE-2013-6380, CVE-2013-6431, CVE-2013-7027, CVE-2014-0038