openSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)

High Nessus Plugin ID 75252

VPR Score: 9

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel was updated to version 3.11.10, fixing security issues and bugs:

- floppy: bail out in open() if drive is not responding to block0 read (bnc#773058).

- compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).

- HID: usbhid: fix sis quirk (bnc#859804).

- hwmon: (coretemp) Fix truncated name of alarm attributes

- HID: usbhid: quirk for Synaptics Quad HD touchscreen (bnc#859804).

- HID: usbhid: quirk for Synaptics HD touchscreen (bnc#859804).

- HID: usbhid: merge the sis quirk (bnc#859804).

- HID: hid-multitouch: add support for SiS panels (bnc#859804).

- HID: usbhid: quirk for SiS Touchscreen (bnc#859804).

- HID: usbhid: quirk for Synaptics Large Touchscreen (bnc#859804).

- drivers: net: cpsw: fix dt probe for one port ethernet.

- drivers: net: cpsw: fix for cpsw crash when build as modules.

- dma: edma: Remove limits on number of slots.

- dma: edma: Leave linked to Null slot instead of DUMMY slot.

- dma: edma: Find missed events and issue them.

- dma: edma: Write out and handle MAX_NR_SG at a given time.

- dma: edma: Setup parameters to DMA MAX_NR_SG at a time.

- ARM: edma: Add function to manually trigger an EDMA channel.

- ARM: edma: Fix clearing of unused list for DT DMA resources.

- ACPI: Add Toshiba NB100 to Vista _OSI blacklist.

- ACPI: add missing win8 OSI comment to blacklist (bnc#856294).

- ACPI: update win8 OSI blacklist.

- ACPI: blacklist win8 OSI for buggy laptops.

- ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A (bnc#856294).

- ACPI: Blacklist Win8 OSI for some HP laptop 2013 models (bnc#856294).

- ping: prevent NULL pointer dereference on write to msg_name (bnc#854175 CVE-2013-6432).

- x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).

- Refresh patches.suse/stack-unwind.

- Refresh patches.xen/xen-x86_64-dump-user-pgt.

- KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).

- KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376).

- Build the KOTD against openSUSE:13.1:Update

- xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652).

- Update Xen patches to 3.11.10.

- Rename patches.xen/xen-pcpu-hotplug to patches.xen/xen-pcpu.

- KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367).

- KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587).

- ipv6: fix headroom calculation in udp6_ufo_fragment (bnc#848042 CVE-2013-4563).

- net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722).

- patches.drivers/gpio-ucb1400-add-module_alias.patch: Update upstream reference

- patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch: Update upstream reference

- Delete patches.suse/ida-remove-warning-dump-stack.patch. Already included in kernel 3.11 (WARN calls dump_stack.)

- xhci: Limit the spurious wakeup fix only to HP machines (bnc#852931).

- iscsi_target: race condition on shutdown (bnc#850072).

- Linux 3.11.10.

- Refresh patches.xen/xen3-patch-2.6.29.

- Delete patches.suse/btrfs-relocate-csums-properly-with-prealloc-extents.patch.

- patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswell.patch: (bnc#852931).

- Build mei and mei_me as modules (bnc#852656)

- Linux 3.11.9.

- Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).

- Delete patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.

- Delete patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_range-ca.patch.

- Add USB PHY support (needed to get USB and Ethernet working on beagle and panda boards).

- Add CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at least for beagle and panda boards).

- Add ARM SoC sound support.

- Add SPI bus support.

- Add user-space access to I2C and SPI.

- patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-remapping-warning.patch: Fix forward porting, sorry.

- iommu: Remove stack trace from broken irq remapping warning (bnc#844513).

- gpio: ucb1400: Add MODULE_ALIAS.

- Allow NFSv4 username mapping to work properly (bnc#838024).

- nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call.

- sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check.

- sunrpc: create a new dummy pipe for gssd to hold open.

- Set CONFIG_GPIO_TWL4030 as built-in (instead of module) as a requirement to boot on SD card on beagleboard xM

- armv6hl, armv7hl: Update config files. Set CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration files have.

- Update config files:

- CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options are all enabled so why not this one.

- CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support all other features of these pieces of hardware.

- CONFIG_INTEL_POWERCLAMP=m, because this small driver might be useful in specific cases, and there's no obvious reason not to include it.

- Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511).

- Linux 3.11.7.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=733022

https://bugzilla.novell.com/show_bug.cgi?id=773058

https://bugzilla.novell.com/show_bug.cgi?id=838024

https://bugzilla.novell.com/show_bug.cgi?id=844513

https://bugzilla.novell.com/show_bug.cgi?id=845621

https://bugzilla.novell.com/show_bug.cgi?id=846529

https://bugzilla.novell.com/show_bug.cgi?id=848042

https://bugzilla.novell.com/show_bug.cgi?id=849021

https://bugzilla.novell.com/show_bug.cgi?id=850072

https://bugzilla.novell.com/show_bug.cgi?id=852652

https://bugzilla.novell.com/show_bug.cgi?id=852656

https://bugzilla.novell.com/show_bug.cgi?id=852931

https://bugzilla.novell.com/show_bug.cgi?id=853050

https://bugzilla.novell.com/show_bug.cgi?id=853051

https://bugzilla.novell.com/show_bug.cgi?id=853052

https://bugzilla.novell.com/show_bug.cgi?id=853053

https://bugzilla.novell.com/show_bug.cgi?id=854175

https://bugzilla.novell.com/show_bug.cgi?id=854722

https://bugzilla.novell.com/show_bug.cgi?id=856294

https://bugzilla.novell.com/show_bug.cgi?id=859804

https://bugzilla.novell.com/show_bug.cgi?id=860993

https://lists.opensuse.org/opensuse-updates/2014-02/msg00022.html

Plugin Details

Severity: High

ID: 75252

File Name: openSUSE-2014-114.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, 
p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/02/04

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel recvmmsg Privilege Escalation)

Reference Information

CVE: CVE-2013-4511, CVE-2013-4563, CVE-2013-4587, CVE-2013-6367, CVE-2013-6368, CVE-2013-6376, CVE-2013-6432, CVE-2014-0038

BID: 63512, 63702, 64135, 64270, 64291, 64319, 64328, 65255