SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0652-1)

High Nessus Plugin ID 83708

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix security issues on kernels on the x86_64 architecture.

The following security bugs have been fixed :

- CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404).

- CVE-2014-8160: SCTP firewalling failed until the SCTP module was loaded (bnc#913059).

- CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).

- CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705).

- CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325).

- CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).

- CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allowed L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842 (bnc#907822).

- CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312).

- CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).

- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349).

- CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).

- CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100).

- CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700).

- CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643).

- CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779).

- CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).

- CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP1 LTSS :

zypper in -t patch slessp1-kernel=10315 slessp1-kernel=10316 slessp1-kernel=10317

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=771619

https://bugzilla.suse.com/show_bug.cgi?id=833820

https://bugzilla.suse.com/show_bug.cgi?id=846404

https://bugzilla.suse.com/show_bug.cgi?id=857643

https://bugzilla.suse.com/show_bug.cgi?id=875051

https://bugzilla.suse.com/show_bug.cgi?id=885077

https://bugzilla.suse.com/show_bug.cgi?id=891211

https://bugzilla.suse.com/show_bug.cgi?id=892235

https://bugzilla.suse.com/show_bug.cgi?id=896390

https://bugzilla.suse.com/show_bug.cgi?id=896391

https://bugzilla.suse.com/show_bug.cgi?id=896779

https://bugzilla.suse.com/show_bug.cgi?id=899338

https://bugzilla.suse.com/show_bug.cgi?id=902346

https://bugzilla.suse.com/show_bug.cgi?id=902349

https://bugzilla.suse.com/show_bug.cgi?id=902351

https://bugzilla.suse.com/show_bug.cgi?id=904700

https://bugzilla.suse.com/show_bug.cgi?id=905100

https://bugzilla.suse.com/show_bug.cgi?id=905312

https://bugzilla.suse.com/show_bug.cgi?id=907822

https://bugzilla.suse.com/show_bug.cgi?id=908870

https://bugzilla.suse.com/show_bug.cgi?id=911325

https://bugzilla.suse.com/show_bug.cgi?id=912654

https://bugzilla.suse.com/show_bug.cgi?id=912705

https://bugzilla.suse.com/show_bug.cgi?id=912916

https://bugzilla.suse.com/show_bug.cgi?id=913059

https://bugzilla.suse.com/show_bug.cgi?id=915335

https://bugzilla.suse.com/show_bug.cgi?id=915826

http://www.nessus.org/u?859a6bb5

http://www.nessus.org/u?c8b31cc6

http://www.nessus.org/u?7c8f1473

http://www.nessus.org/u?0d3e3539

http://www.nessus.org/u?958976ab

http://www.nessus.org/u?5151205f

https://www.suse.com/security/cve/CVE-2010-5313/

https://www.suse.com/security/cve/CVE-2012-6657/

https://www.suse.com/security/cve/CVE-2013-4299/

https://www.suse.com/security/cve/CVE-2013-7263/

https://www.suse.com/security/cve/CVE-2014-0181/

https://www.suse.com/security/cve/CVE-2014-3184/

https://www.suse.com/security/cve/CVE-2014-3185/

https://www.suse.com/security/cve/CVE-2014-3673/

https://www.suse.com/security/cve/CVE-2014-3687/

https://www.suse.com/security/cve/CVE-2014-3688/

https://www.suse.com/security/cve/CVE-2014-7841/

https://www.suse.com/security/cve/CVE-2014-7842/

https://www.suse.com/security/cve/CVE-2014-8160/

https://www.suse.com/security/cve/CVE-2014-8709/

https://www.suse.com/security/cve/CVE-2014-9420/

https://www.suse.com/security/cve/CVE-2014-9584/

https://www.suse.com/security/cve/CVE-2014-9585/

http://www.nessus.org/u?25324753

Plugin Details

Severity: High

ID: 83708

File Name: suse_SU-2015-0652-1.nasl

Version: 2.13

Type: local

Agent: unix

Published: 2015/05/20

Updated: 2019/09/11

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:xen-kmp-pae, p-cpe:/a:novell:suse_linux:xen-kmp-trace, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/04/01

Vulnerability Publication Date: 2013/10/24

Reference Information

CVE: CVE-2010-5313, CVE-2012-6657, CVE-2013-4299, CVE-2013-7263, CVE-2014-0181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-7842, CVE-2014-8160, CVE-2014-8709, CVE-2014-9420, CVE-2014-9584, CVE-2014-9585

BID: 63183, 64686, 67034, 69768, 69781, 69803, 70766, 70768, 70883, 70965, 71078, 71081, 71363, 71717, 71883, 71990, 72061